北韓拉撒路集團利用被盜加密貨幣洗錢超過 2 億美元

臭名昭著的北韓國家支持的駭客組織Lazarus Group 在2020 年至2023 年間透過超過25 次駭客攻擊，洗掉了價值超過2 億美元的被盜加密資產。盜資金轉換為法定貨幣貨幣。

North Korean Lazarus Group Launders Over $200 Million in Stolen Cryptocurrency

北韓拉撒路集團洗錢超過 2 億美元被盜加密貨幣

Washington, D.C. - The Lazarus Group, a notorious North Korean state-backed hacking collective, has laundered over $200 million worth of cryptocurrency stolen from various crypto exchanges and platforms between 2020 and 2023, according to a comprehensive analysis published on April 29th by ZachXBT, a renowned pseudonymous on-chain researcher.

華盛頓特區- 根據ZachXBT 4 月29 日發布的綜合分析，臭名昭著的朝鮮國家支持的黑客組織Lazarus Group 在2020 年至2023 年間洗白了從各種加密貨幣交易所和平台竊取的價值超過2 億美元的加密貨幣。

Lazarus Group: A History of Cryptocurrency Theft

拉撒路集團：加密貨幣竊盜的歷史

The Lazarus Group has been operating for over a decade, emerging in 2009 and perpetrating numerous high-profile crypto hacks. Between 2017 and 2023 alone, the group has stolen over $3 billion in digital assets, solidifying its status as one of the most formidable and prolific cybercriminal organizations targeting the cryptocurrency industry.

Lazarus 集團成立於 2009 年，已經運作了十多年，並實施了許多引人注目的加密貨幣駭客攻擊。僅在 2017 年至 2023 年間，該組織就竊取了超過 30 億美元的數位資產，鞏固了其作為針對加密貨幣行業的最強大、最多產的網路犯罪組織之一的地位。

Modus Operandi: Cryptocurrency Mixing and Peer-to-Peer Marketplaces

操作方式：加密貨幣混合和點對點市場

To launder the stolen crypto assets, the Lazarus Group employed a combination of cryptocurrency mixing services and peer-to-peer (P2P) marketplaces, a technique commonly used by cybercriminals to obscure the origin and ownership of illicit funds.

為了洗錢被盜的加密資產，拉撒路集團採用了加密貨幣混合服務和點對點（P2P）市場的組合，這是網路犯罪分子通常用來掩蓋非法資金的來源和所有權的技術。

ZachXBT's analysis identified specific accounts on Noones and Paxful, two prominent P2P marketplaces, that received funds from the hacks and were subsequently used to convert the stolen cryptocurrency into fiat currency.

ZachXBT 的分析確定了 Noones 和 Paxful（兩個著名的 P2P 市場）上的特定帳戶，這些帳戶從駭客那裡獲得了資金，並隨後用於將被盜的加密貨幣轉換為法定貨幣。

Traceable Activity: Paxful and Noones Accounts

可追蹤活動：Paxful 和 Noones 帳戶

The investigation revealed that the Lazarus Group laundered at least $44 million through these two marketplaces, using two specific usernames: "EasyGoatfish351" and "FairJunco470." These accounts exhibited significant deposits and trading volumes, consistent with the stolen funds.

調查顯示，Lazarus 集團透過這兩個市場使用兩個特定使用者名稱「EasyGoatfish351」和「FairJunco470」洗錢至少 4,400 萬美元。這些帳戶顯示出大量存款和交易量，與被盜資金一致。

USDT Stablecoin: A Key Intermediate

USDT 穩定幣：關鍵中間體

Analysis further indicates that the stolen funds were initially converted into the USDT (USDT) stablecoin, a popular digital currency pegged to the value of the US dollar. The USDT was then exchanged for cash and withdrawn.

分析進一步表明，被盜資金最初被轉換為泰達幣（USDT）穩定幣，這是一種與美元價值掛鉤的熱門數位貨幣。然後USDT兌換成現金並提取。

China-Based OTC Traders: Facilitating Crypto-to-Fiat Conversions

中國的場外交易商：促進加密貨幣到法定貨幣的轉換

Historically, the Lazarus Group has relied on China-based over-the-counter (OTC) traders to facilitate the conversion of cryptocurrencies into fiat currency. These traders operate outside of traditional financial institutions, providing anonymity and flexibility for illicit transactions.

從歷史上看，Lazarus Group 一直依賴中國的場外交易 (OTC) 交易商來促進加密貨幣兌換為法定貨幣。這些交易者在傳統金融機構之外開展業務，為非法交易提供匿名性和靈活性。

Blacklisting of Stolen Funds

被竊資金列入黑名單

In November 2023, Tether, a leading stablecoin issuer, blacklisted over $374,000 worth of stolen funds. Subsequently, three out of four stablecoin issuers collectively blacklisted an additional $3.4 million held in a cluster of addresses linked to the Lazarus Group.

2023 年 11 月，領先的穩定幣發行商 Tether 將價值超過 374,000 美元的被盜資金列入黑名單。隨後，四分之三的穩定幣發行人集體將與 Lazarus 集團相關的一組地址中持有的另外 340 萬美元列入黑名單。

Lazarus Group's Share of Stolen Crypto in 2023

Lazarus Group 2023 年被盜加密貨幣份額

In 2023, the Lazarus Group accounted for approximately $309 million, or 17%, of the total $1.8 billion worth of cryptocurrency stolen through hacks and exploits, as reported by Immunefi in December 2023.

根據 Immunefi 於 2023 年 12 月報道，2023 年，Lazarus 集團透過駭客和漏洞竊取的加密貨幣總額約為 3.09 億美元，佔 18 億美元的 17%。

LinkedIn Attacks: Expanding Tactics

LinkedIn 攻擊：擴大策略

Recent reports from blockchain security analytics firm SlowMist indicate that the Lazarus Group has expanded its tactics to include targeted malware attacks on LinkedIn users with the intent of stealing digital assets.

區塊鏈安全分析公司 SlowMist 最近的報告表明，Lazarus 集團已擴大其策略，包括針對 LinkedIn 用戶進行有針對性的惡意軟體攻擊，目的是竊取數位資產。

Ronin Bridge Hack: A Notable Heist

Ronin Bridge Hack：一次著名的搶劫

One of the most significant heists orchestrated by the Lazarus Group was the 2022 Ronin Bridge hack, which resulted in the theft of approximately $625 million worth of cryptocurrency. This attack highlighted the group's sophisticated capabilities and willingness to target high-value crypto assets.

Lazarus 集團策劃的最重大搶劫案之一是 2022 年 Ronin Bridge 駭客事件，導致價值約 6.25 億美元的加密貨幣被盜。這次攻擊凸顯了該組織的複雜能力和針對高價值加密資產的意願。

Conclusion

結論

The Lazarus Group continues to pose a significant threat to the cryptocurrency industry, demonstrating its ability to adapt to evolving technologies and exploit vulnerabilities in crypto exchanges and platforms. Governments, law enforcement agencies, and the cryptocurrency community must remain vigilant in their efforts to combat the illicit activities of this persistent and highly skilled cybercriminal organization.

Lazarus 集團繼續對加密貨幣產業構成重大威脅，展示了其適應不斷發展的技術並利用加密貨幣交易所和平台中的漏洞的能力。各國政府、執法機構和加密貨幣社群必須保持警惕，努力打擊這個頑固且技術精湛的網路犯罪組織的非法活動。