FBI 揭开了朝鲜 Lazarus 集团和 2 亿美元加密货币盗窃案的真相

调查研究员 ZachXBT 揭露了臭名昭著的朝鲜黑客组织 Lazarus Group 的运作方式，揭露了他们涉及 25 次加密货币黑客的 2 亿美元洗钱踪迹。该报告追踪了被盗资金通过交易所、Tornado Cash 等隐私混合器和 P2P 市场的流动情况。 ZachXBT 的详细分析揭示了该组织将数字资产整合并转换为法定货币的方法，凸显了中国场外交易商在促进洗钱过程中的作用。

North Korea's Lazarus Group: Unraveling the $200 Million Crypto Laundering Scheme

朝鲜拉撒路集团：揭开价值 2 亿美元的加密货币洗钱计划

Introduction

介绍

The infamous North Korean hacking group, Lazarus Group, has come under intense scrutiny following a comprehensive report by renowned on-chain sleuth ZachXBT. The report meticulously chronicles 25 separate hacks perpetrated by the group, resulting in the illicit acquisition of over $200 million worth of cryptocurrency.

在著名链上侦探 ZachXBT 发布全面报告后，臭名昭著的朝鲜黑客组织 Lazarus Group 受到了严格审查。该报告详细记录了该组织实施的 25 起独立黑客攻击，导致非法获取价值超过 2 亿美元的加密货币。

The Lazarus Group's Crypto Heist: Modus Operandi

拉撒路集团的加密货币抢劫：作案手法

Over the past several years, Lazarus Group has orchestrated a series of high-profile cryptocurrency heists, targeting both individuals and companies. In 2020 alone, the group successfully breached the hot wallets of several crypto exchanges, including Coinberry and CoinMetro, stealing a combined sum of over $1.1 million in Bitcoin (BTC) and Ether (ETH).

在过去的几年里，拉撒路集团精心策划了一系列引人注目的加密货币抢劫案，目标包括个人和公司。仅在 2020 年，该组织就成功攻破了 Coinberry 和 CoinMetro 等多家加密货币交易所的热钱包，窃取了总计超过 110 万美元的比特币 (BTC) 和以太币 (ETH)。

Laundering the Proceeds: A Winding Path

洗钱收益：一条曲折的道路

Lazarus Group employed a sophisticated laundering scheme to conceal the illicit funds obtained through these hacks. The stolen cryptocurrency was initially consolidated into a single address before being gradually moved through Tornado Cash, an Ethereum-based privacy mixer. Despite Tornado Cash's reputation for obfuscating transaction trails, ZachXBT managed to trace the movement of these funds, leveraging their unique characteristics upon withdrawal.

拉撒路集团采用了复杂的洗钱计划来隐藏通过这些黑客行为获得的非法资金。被盗的加密货币最初被整合到一个地址中，然后逐渐通过基于以太坊的隐私混合器 Tornado Cash 转移。尽管 Tornado Cash 因交易轨迹混乱而闻名，但 ZachXBT 仍利用其提款时的独特特征，成功追踪了这些资金的动向。

Over the subsequent two years, the laundered cryptocurrency was commingled with funds from other Lazarus Group thefts and transferred to peer-to-peer (P2P) crypto marketplaces, such as Paxful and Noones, in the form of Tether (USDT).

在接下来的两年里，经过洗钱的加密货币与 Lazarus 集团其他盗窃案的资金混合在一起，并以 Tether (USDT) 的形式转移到 Paxful 和 Noones 等点对点 (P2P) 加密货币市场。

Freezing the Assets: International Collaboration

冻结资产：国际合作

In a significant development, a portion of the stolen funds was frozen in November 2023, with an undisclosed amount subsequently frozen by centralized exchanges in the fourth quarter of 2023. Additionally, three of four stablecoin issuers seized approximately $3.4 million held in a group of addresses associated with Lazarus Group.

一项重大进展是，部分被盗资金于 2023 年 11 月被冻结，具体金额随后被中心化交易所于 2023 年第四季度冻结。此外，四分之三的稳定币发行人查获了一组地址中持有的约 340 万美元与拉撒路集团有关联。

Chinese OTC Desks: A Historic Nexus

中国场外交易柜台：历史性的联系

The report also sheds light on Lazarus Group's use of Chinese over-the-counter (OTC) desks, including Wu Huihui, to facilitate the conversion of cryptocurrency into fiat (local currency). In April 2023, the US Department of Justice (DOJ) unsealed an indictment against Wu, alleging his involvement in financial transactions with the Democratic People's Republic of Korea (DPRK).

该报告还披露了 Lazarus Group 使用包括吴慧慧在内的中国场外交易 (OTC) 柜台来促进加密货币兑换为法定货币（当地货币）的情况。 2023 年 4 月，美国司法部 (DOJ) 公布了对吴的起诉书，指控他参与与朝鲜民主主义人民共和国 (DPRK) 的金融交易。

Lazarus Group's Impact: A Far-Reaching Threat

拉撒路集团的影响：深远的威胁

The report underscores the pervasive impact of Lazarus Group attacks on the crypto ecosystem. Thousands of individuals and organizations have been directly or indirectly affected by their malicious activities, and this number is anticipated to grow.

该报告强调了拉撒路集团攻击对加密生态系统的普遍影响。数以千计的个人和组织直接或间接受到其恶意活动的影响，并且预计这个数字还会增长。

Additional Analysis: Quantifying the Damage

附加分析：量化损害

Elliptic, a leading blockchain analytics firm, revealed that Lazarus Group was responsible for crypto heists amounting to over $300 million in 2022 alone. As of September 2023, the group reportedly held approximately $47 million worth of cryptocurrency in its wallets.

领先的区块链分析公司 Elliptic 透露，Lazarus Group 仅在 2022 年就实施了价值超过 3 亿美元的加密货币盗窃案。据报道，截至 2023 年 9 月，该组织的钱包中持有价值约 4700 万美元的加密货币。

Conclusion

结论

ZachXBT's report provides a comprehensive and detailed account of Lazarus Group's cryptocurrency laundering activities. The findings underscore the group's sophisticated tactics, extensive network, and reliance on privacy-enhancing technologies to evade detection. This report serves as a timely reminder of the ongoing threat posed by North Korea's cybercrime operations in the digital asset realm.

ZachXBT 的报告全面详细地介绍了 Lazarus 集团的加密货币洗钱活动。调查结果凸显了该组织复杂的策略、广泛的网络以及依赖隐私增强技术来逃避检测。该报告及时提醒人们朝鲜在数字资产领域的网络犯罪活动所构成的持续威胁。