New York, Monday, October 14, 2024 – The U.S. government has initiated legal proceedings against North Korea’s hacking collective, the Lazarus Group, in an effort to recover $2.6 million in stolen cryptocurrency. The complaint, filed on October 7 in the U.S. District Court for the District of Columbia, details the government’s attempts to reclaim funds associated with cyberattacks carried out by the state-sponsored group.
The court document specifically seeks the recovery of $1.7 million in Tether (USDT) linked to the November 2022 hack of Deribit, a Panamanian cryptocurrency exchange, from which $28 million was stolen. Additionally, officials are pursuing $971,000 in Avalanche-bridged Bitcoin that was taken during the Lazarus Group’s September 2023 attack on a digital casino, which resulted in a loss of $41 million from the online sportsbook.
This legal action underscores the U.S. government’s ongoing efforts to disrupt the Lazarus Group’s operations, which have significantly contributed to funding North Korea’s military initiatives through a series of cyberattacks targeting the digital asset sector.
In November, the U.S. Treasury Department imposed sanctions on Tornado Cash, designating it as a crucial money laundering tool for the Lazarus Group. Deputy Treasury Secretary Wally Adeyemo emphasized that “mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences.”
The Lazarus Group’s cyber activities present a substantial threat to global security, particularly with their increased focus on the cryptocurrency industry. A United Nations report published in March indicated that as much as 40% of the funds stolen by North Korean hackers are redirected to support the country’s weapons of mass destruction (WMD) program.
In September, the FBI issued a warning regarding the Lazarus Group’s tactics, highlighting the complex and elaborate nature of their social engineering schemes, which often compromise even those with strong cybersecurity knowledge. The FBI alert noted that the scale and persistence of these malicious activities render many individuals and organizations vulnerable to North Korea’s relentless efforts to breach networks connected to cryptocurrency assets.