朝鲜拉撒路集团利用被盗加密货币洗钱超过 2 亿美元

臭名昭著的朝鲜国家支持的黑客组织 Lazarus Group 在 2020 年至 2023 年间通过超过 25 次黑客攻击，洗掉了价值超过 2 亿美元的被盗加密资产。该组织利用加密货币混合服务和点对点市场将被盗资金转换为法定货币货币。

North Korean Lazarus Group Launders Over $200 Million in Stolen Cryptocurrency

朝鲜拉撒路集团洗钱超过 2 亿美元被盗加密货币

Washington, D.C. - The Lazarus Group, a notorious North Korean state-backed hacking collective, has laundered over $200 million worth of cryptocurrency stolen from various crypto exchanges and platforms between 2020 and 2023, according to a comprehensive analysis published on April 29th by ZachXBT, a renowned pseudonymous on-chain researcher.

华盛顿特区 - 根据 ZachXBT 4 月 29 日发布的综合分析，臭名昭著的朝鲜国家支持的黑客组织 Lazarus Group 在 2020 年至 2023 年间洗白了从各种加密货币交易所和平台窃取的价值超过 2 亿美元的加密货币。著名的匿名链上研究员。

Lazarus Group: A History of Cryptocurrency Theft

拉撒路集团：加密货币盗窃的历史

The Lazarus Group has been operating for over a decade, emerging in 2009 and perpetrating numerous high-profile crypto hacks. Between 2017 and 2023 alone, the group has stolen over $3 billion in digital assets, solidifying its status as one of the most formidable and prolific cybercriminal organizations targeting the cryptocurrency industry.

Lazarus 集团成立于 2009 年，已经运营了十多年，并实施了许多引人注目的加密货币黑客攻击。仅在 2017 年至 2023 年间，该组织就窃取了超过 30 亿美元的数字资产，巩固了其作为针对加密货币行业的最强大、最多产的网络犯罪组织之一的地位。

Modus Operandi: Cryptocurrency Mixing and Peer-to-Peer Marketplaces

操作方式：加密货币混合和点对点市场

To launder the stolen crypto assets, the Lazarus Group employed a combination of cryptocurrency mixing services and peer-to-peer (P2P) marketplaces, a technique commonly used by cybercriminals to obscure the origin and ownership of illicit funds.

为了洗钱被盗的加密资产，拉撒路集团采用了加密货币混合服务和点对点（P2P）市场的组合，这是网络犯罪分子通常用来掩盖非法资金的来源和所有权的技术。

ZachXBT's analysis identified specific accounts on Noones and Paxful, two prominent P2P marketplaces, that received funds from the hacks and were subsequently used to convert the stolen cryptocurrency into fiat currency.

ZachXBT 的分析确定了 Noones 和 Paxful（两个著名的 P2P 市场）上的特定账户，这些账户从黑客那里获得了资金，并随后用于将被盗的加密货币转换为法定货币。

Traceable Activity: Paxful and Noones Accounts

可追踪活动：Paxful 和 Noones 账户

The investigation revealed that the Lazarus Group laundered at least $44 million through these two marketplaces, using two specific usernames: "EasyGoatfish351" and "FairJunco470." These accounts exhibited significant deposits and trading volumes, consistent with the stolen funds.

调查显示，Lazarus 集团通过这两个市场使用两个特定用户名“EasyGoatfish351”和“FairJunco470”洗钱至少 4400 万美元。这些账户显示出大量存款和交易量，与被盗资金一致。

USDT Stablecoin: A Key Intermediate

USDT 稳定币：关键中间体

Analysis further indicates that the stolen funds were initially converted into the USDT (USDT) stablecoin, a popular digital currency pegged to the value of the US dollar. The USDT was then exchanged for cash and withdrawn.

分析进一步表明，被盗资金最初被转换为泰达币（USDT）稳定币，这是一种与美元价值挂钩的流行数字货币。然后USDT兑换成现金并提取。

China-Based OTC Traders: Facilitating Crypto-to-Fiat Conversions

中国的场外交易商：促进加密货币到法定货币的转换

Historically, the Lazarus Group has relied on China-based over-the-counter (OTC) traders to facilitate the conversion of cryptocurrencies into fiat currency. These traders operate outside of traditional financial institutions, providing anonymity and flexibility for illicit transactions.

从历史上看，Lazarus Group 一直依赖中国的场外交易 (OTC) 交易商来促进加密货币兑换为法定货币。这些交易者在传统金融机构之外开展业务，为非法交易提供匿名性和灵活性。

Blacklisting of Stolen Funds

被盗资金列入黑名单

In November 2023, Tether, a leading stablecoin issuer, blacklisted over $374,000 worth of stolen funds. Subsequently, three out of four stablecoin issuers collectively blacklisted an additional $3.4 million held in a cluster of addresses linked to the Lazarus Group.

2023 年 11 月，领先的稳定币发行商 Tether 将价值超过 374,000 美元的被盗资金列入黑名单。随后，四分之三的稳定币发行人集体将与 Lazarus 集团相关的一组地址中持有的另外 340 万美元列入黑名单。

Lazarus Group's Share of Stolen Crypto in 2023

Lazarus Group 2023 年被盗加密货币份额

In 2023, the Lazarus Group accounted for approximately $309 million, or 17%, of the total $1.8 billion worth of cryptocurrency stolen through hacks and exploits, as reported by Immunefi in December 2023.

据 Immunefi 于 2023 年 12 月报道，2023 年，Lazarus 集团通过黑客和漏洞窃取的加密货币总额约为 3.09 亿美元，占 18 亿美元的 17%。

LinkedIn Attacks: Expanding Tactics

LinkedIn 攻击：扩大策略

Recent reports from blockchain security analytics firm SlowMist indicate that the Lazarus Group has expanded its tactics to include targeted malware attacks on LinkedIn users with the intent of stealing digital assets.

区块链安全分析公司 SlowMist 最近的报告表明，Lazarus 集团已扩大其策略，包括针对 LinkedIn 用户进行有针对性的恶意软件攻击，目的是窃取数字资产。

Ronin Bridge Hack: A Notable Heist

Ronin Bridge Hack：一次著名的抢劫

One of the most significant heists orchestrated by the Lazarus Group was the 2022 Ronin Bridge hack, which resulted in the theft of approximately $625 million worth of cryptocurrency. This attack highlighted the group's sophisticated capabilities and willingness to target high-value crypto assets.

Lazarus 集团策划的最重大抢劫案之一是 2022 年 Ronin Bridge 黑客事件，导致价值约 6.25 亿美元的加密货币被盗。这次攻击凸显了该组织的复杂能力和针对高价值加密资产的意愿。

Conclusion

结论

The Lazarus Group continues to pose a significant threat to the cryptocurrency industry, demonstrating its ability to adapt to evolving technologies and exploit vulnerabilities in crypto exchanges and platforms. Governments, law enforcement agencies, and the cryptocurrency community must remain vigilant in their efforts to combat the illicit activities of this persistent and highly skilled cybercriminal organization.

Lazarus 集团继续对加密货币行业构成重大威胁，展示了其适应不断发展的技术并利用加密货币交易所和平台中的漏洞的能力。各国政府、执法机构和加密货币社区必须保持警惕，努力打击这个顽固且技术精湛的网络犯罪组织的非法活动。