FBI 揭露了北韓 Lazarus 集團和 2 億美元加密貨幣竊盜案的真相

調查研究員 ZachXBT 揭露了臭名昭著的北韓駭客組織 Lazarus Group 的運作方式，揭露了他們涉及 25 次加密貨幣駭客的 2 億美元洗錢蹤跡。該報告追蹤了被盜資金通過交易所、Tornado Cash 等隱私混合器和 P2P 市場的流動。 ZachXBT 的詳細分析揭示了該組織將數位資產整合並轉換為法定貨幣的方法，凸顯了中國場外交易商在促進洗錢過程中的作用。

North Korea's Lazarus Group: Unraveling the $200 Million Crypto Laundering Scheme

北韓拉撒路集團：揭開價值 2 億美元的加密貨幣洗錢計劃

Introduction

介紹

The infamous North Korean hacking group, Lazarus Group, has come under intense scrutiny following a comprehensive report by renowned on-chain sleuth ZachXBT. The report meticulously chronicles 25 separate hacks perpetrated by the group, resulting in the illicit acquisition of over $200 million worth of cryptocurrency.

在著名鏈上偵探 ZachXBT 發布全面報告後，臭名昭著的北韓駭客組織 Lazarus Group 受到了嚴格審查。該報告詳細記錄了該組織實施的 25 起獨立駭客攻擊，導致非法取得價值超過 2 億美元的加密貨幣。

The Lazarus Group's Crypto Heist: Modus Operandi

拉撒路集團的加密貨幣搶劫：犯案手法

Over the past several years, Lazarus Group has orchestrated a series of high-profile cryptocurrency heists, targeting both individuals and companies. In 2020 alone, the group successfully breached the hot wallets of several crypto exchanges, including Coinberry and CoinMetro, stealing a combined sum of over $1.1 million in Bitcoin (BTC) and Ether (ETH).

在過去的幾年裡，拉撒路集團精心策劃了一系列引人注目的加密貨幣搶劫案，目標包括個人和公司。光是 2020 年，該組織就成功攻破了 Coinberry 和 CoinMetro 等多家加密貨幣交易所的熱錢包，竊取了總計超過 110 萬美元的比特幣 (BTC) 和以太幣 (ETH)。

Laundering the Proceeds: A Winding Path

洗錢收益：一條曲折的道路

Lazarus Group employed a sophisticated laundering scheme to conceal the illicit funds obtained through these hacks. The stolen cryptocurrency was initially consolidated into a single address before being gradually moved through Tornado Cash, an Ethereum-based privacy mixer. Despite Tornado Cash's reputation for obfuscating transaction trails, ZachXBT managed to trace the movement of these funds, leveraging their unique characteristics upon withdrawal.

拉撒路集團採用了複雜的洗錢計畫來隱藏透過這些駭客行為所獲得的非法資金。被盜的加密貨幣最初被整合到一個地址中，然後逐漸通過基於以太坊的隱私混合器 Tornado Cash 轉移。儘管 Tornado Cash 因交易軌跡混亂而聞名，但 ZachXBT 仍利用其提款時的獨特特徵，成功追蹤了這些資金的動向。

Over the subsequent two years, the laundered cryptocurrency was commingled with funds from other Lazarus Group thefts and transferred to peer-to-peer (P2P) crypto marketplaces, such as Paxful and Noones, in the form of Tether (USDT).

在接下來的兩年裡，經過洗錢的加密貨幣與 Lazarus 集團其他盜竊案的資金混合在一起，並以 Tether (USDT) 的形式轉移到 Paxful 和 Noones 等點對點 (P2P) 加密貨幣市場。

Freezing the Assets: International Collaboration

凍結資產：國際合作

In a significant development, a portion of the stolen funds was frozen in November 2023, with an undisclosed amount subsequently frozen by centralized exchanges in the fourth quarter of 2023. Additionally, three of four stablecoin issuers seized approximately $3.4 million held in a group of addresses associated with Lazarus Group.

一項重大進展是，部分被盜資金於2023 年11 月被凍結，具體金額隨後被中心化交易所於2023 年第四季度凍結。中持有的約340 萬美元與拉撒路集團有關。

Chinese OTC Desks: A Historic Nexus

中國場外交易櫃檯：歷史性的聯繫

The report also sheds light on Lazarus Group's use of Chinese over-the-counter (OTC) desks, including Wu Huihui, to facilitate the conversion of cryptocurrency into fiat (local currency). In April 2023, the US Department of Justice (DOJ) unsealed an indictment against Wu, alleging his involvement in financial transactions with the Democratic People's Republic of Korea (DPRK).

該報告還披露了 Lazarus Group 使用包括吳慧慧在內的中國場外交易 (OTC) 櫃檯來促進加密貨幣兌換為法定貨幣（當地貨幣）的情況。 2023 年 4 月，美國司法部 (DOJ) 公佈了對吳的起訴書，指控他參與與朝鮮民主主義人民共和國 (DPRK) 的金融交易。

Lazarus Group's Impact: A Far-Reaching Threat

拉撒路集團的影響力：深遠的威脅

The report underscores the pervasive impact of Lazarus Group attacks on the crypto ecosystem. Thousands of individuals and organizations have been directly or indirectly affected by their malicious activities, and this number is anticipated to grow.

該報告強調了拉撒路集團攻擊對加密生態系統的普遍影響。數以千計的個人和組織直接或間接受到其惡意活動的影響，並且預計這個數字還會增長。

Additional Analysis: Quantifying the Damage

附加分析：量化損害

Elliptic, a leading blockchain analytics firm, revealed that Lazarus Group was responsible for crypto heists amounting to over $300 million in 2022 alone. As of September 2023, the group reportedly held approximately $47 million worth of cryptocurrency in its wallets.

領先的區塊鏈分析公司 Elliptic 透露，Lazarus Group 僅在 2022 年就實施了價值超過 3 億美元的加密貨幣竊盜案。據報道，截至 2023 年 9 月，該組織的錢包中持有價值約 4,700 萬美元的加密貨幣。

Conclusion

結論

ZachXBT's report provides a comprehensive and detailed account of Lazarus Group's cryptocurrency laundering activities. The findings underscore the group's sophisticated tactics, extensive network, and reliance on privacy-enhancing technologies to evade detection. This report serves as a timely reminder of the ongoing threat posed by North Korea's cybercrime operations in the digital asset realm.

ZachXBT 的報告全面詳細地介紹了 Lazarus 集團的加密貨幣洗錢活動。調查結果凸顯了該組織複雜的策略、廣泛的網路以及依賴隱私增強技術來逃避偵測。該報告及時提醒人們北韓在數位資產領域的網路犯罪活動所構成的持續威脅。