In 2023, the group only attacked CeFi platforms

Immunefi notes Lazarus hackers’ increased interest in centralized projects

15.12.2023 - 11:10


Last updated on Dec 15, 2023

In 2023, Lazarus, a hacker group affiliated with the DPRK authorities, conducted five successful attacks on crypto projects, earning $308.6 million, or 17.6% of the total industry losses. It is noteworthy that all the projects affected by Lazarus belong to the centralized finance (CeFi) sector, while previously the group focused on decentralized finance (DeFi) protocols. Between June and September, Lazarus attacked wallet provider Atomic Wallet, payment system Alphapo, betting platform Stake.com, and the CoinsPaid and CoinEx exchanges.

According to a report by specialists at Immunefi, a platform designed to find vulnerabilities in DeFi protocols and smart contracts, Lazarus stole more than $1.9 billion in digital assets from crypto projects in total from 2021 to 2023. In previous years, North Korean hackers attacked exclusively DeFi protocols, and the hacks of the Ronin cross-chain bridge and Poly Network are still the largest in the industry. The projects’ losses amounted to $650 million and $600 million, respectively.

As Immunefi writes, the size of Lazarus cannot be estimated, but it is known that the group is controlled by the DPRK government. Moreover, the US government said that the stolen cryptocurrencies are used to finance the DPRK’s illegal programs to create weapons of mass destruction, including nuclear bombs and ballistic missiles.

The US Treasury Department has already placed three cryptocurrency mixers used by Lazarus to launder stolen assets on its sanctions list, and the National Security Council has begun cooperating with South Korea and Japan to combat the hackers.

Lazarus began operations in 2009, and before the massive growth of the crypto market, its scope of interest included various corporations and financial institutions. High-profile incidents from that period included the Sony Pictures hack in 2014 and the attack on the Bangladesh Central Bank in 2016, as well as the launch of the WannaCry ransomware in 2017.

The latter was one of the largest of its kind, with the virus infiltrating 230,000 computers in 150 countries in a matter of hours. It demanded up to $600 in bitcoin from victims to unlock files on a device. That same year, the group refocused on cryptocurrency and attacked South Korean exchanges Bithumb and Youbit (which later went bankrupt), as well as cloud mining service Nicehash.

Immunefi CEO Mitchell Amador called Lazarus the most serious threat to the Web 3.0 sector. He notes that members of the group are improving their skills in exploiting vulnerabilities in infrastructure and smart contracts, as well as social engineering.

It is noted that the group includes graduates of Kim Chaek University of Technology and Kim Il Sung University. Some of the future Lazarus hackers are being trained in Shenyang, China.
