
Lazarus Group sends 400 ETH to Tornado Cash and deploys new malware


The North Korea-affiliated hacking group Lazarus Group has been moving crypto assets through mixers following a series of high-profile hacks.

On March 13, a blockchain security firm alerted its followers on X that it had detected a deposit of 400 ETH (ETH), worth about $750,000, to the Tornado Cash mixing service.

“The fund follows the activity of the Lazarus Group on the Bitcoin network.”

The North Korean hacking group was responsible for the massive Bybit exchange hack, which led to the theft of $1.4 billion in crypto assets on February 21.

It has also been linked to the $29 million Phemex exchange hack in January, and the assets have been laundered since then.

Lazarus Group crypto asset movements. Source: CertiK

Lazarus has also been linked to some of the most notorious hacking incidents, including the $600 million Ronin network hack in 2022.

North Korean hackers stole more than $1.3 billion in crypto assets across 47 incidents in 2024, more than double the thefts in 2023, according to Chainalysis data.

New Lazarus malware discovered

According to researchers at cybersecurity firm Socket, the Lazarus Group has deployed six new malicious packages to infiltrate developer environments, steal credentials, extract cryptocurrency data and install backdoors.

The packages were deployed in the ecosystem of the NPM package manager, a large collection of JavaScript packages and libraries.

Researchers discovered malware called “BeaverTail” embedded in packages that mimic legitimate libraries, using typosquatting tactics to deceive developers.

They added: “Through these packages, Lazarus uses names that closely mimic legitimate and reliable libraries.”


The malware also targets cryptocurrency wallets, specifically Solana and Exodus wallets.

A code excerpt showing the attacks on Solana wallets. Source: Socket

The attack targets files in the Google Chrome, Brave and Firefox browsers, as well as the macOS keychain, specifically targeting developers who may install the malicious packages.

The researchers noted that definitively attributing this attack to Lazarus remains a challenge; however, “tactics, techniques and procedures that have been observed in this NPM attack are closely in line with the well-known Lazarus operations.”
