Lazarus Group Moves 400 ETH to Tornado Cash Amid New Malware Threats

The notorious Lazarus Group, a cybercriminal organization linked to North Korea, has once again made headlines for its latest illicit activities. 

The group recently transferred 400 ETH, valued at approximately $750,000, to Tornado Cash, a cryptocurrency mixing service used to obscure transaction histories. 

Lazarus Group Crypto Theft

Lazarus Group has been implicated in some of the largest cryptocurrency heists in history. These include the February 2025 Bybit exchange hack, which resulted in the theft of $1.4 billion in digital assets, as well as the 2022 Ronin network attack, in which $600 million was stolen. The group has also been linked to the January Phemex exchange breach, where it made off with $29 million.

According to blockchain analytics firm Chainalysis, North Korean hackers were responsible for stealing nearly $1.3 billion in cryptocurrency assets across 47 attacks in 2024, more than doubling the amount stolen in 2023. The group’s persistent involvement in cybercrime has solidified its reputation as one of the most formidable threats in the digital asset sector.

The latest 400 ETH deposit into Tornado Cash was flagged by blockchain security firm CertiK, which noted that the funds could be traced back to Lazarus Group’s prior activities on the Bitcoin network. 

Cryptocurrency mixing services like Tornado Cash enable hackers to launder illicit funds, making it significantly harder for regulators and blockchain analysts to track stolen assets.

Lazarus Deploys New Malware Targeting Developers

In addition to laundering stolen funds, Lazarus has ramped up its cyberwarfare tactics. Researchers at cybersecurity firm Socket recently discovered six new malicious software packages designed to infiltrate developer environments, steal credentials, exfiltrate cryptocurrency wallet data, and install backdoors for future exploitation.

The attack primarily targets the Node Package Manager (NPM) ecosystem, a widely used JavaScript package repository. Lazarus employs a technique known as “typosquatting,” where it creates malicious packages with names similar to legitimate libraries to deceive developers into downloading them. One identified malware variant, dubbed “BeaverTail,” specifically targets cryptocurrency wallets, including Solana and Exodus wallets.

Furthermore, the malware extends its reach to keychain data on macOS and credentials stored in web browsers such as Google Chrome, Brave, and Firefox. While attributing these attacks directly to Lazarus remains challenging, cybersecurity researchers note that the tactics, techniques, and procedures observed in this campaign closely align with the group’s known operations.

Heightened Cybersecurity Vigilance Needed

The latest activities of the Lazarus Group show the persistent and evolving threat posed by state-backed cybercriminal organizations. Their use of sophisticated laundering methods and advanced malware demonstrates the critical need for strong cybersecurity measures. 

Organizations and individuals alike must remain vigilant, adopt robust security solutions, and stay informed about emerging threats to safeguard their assets from these ever-evolving cyberattacks.

Author

  • Steven's passion for cryptocurrency and blockchain technology began in 2014, inspiring him to immerse himself in the field. He notably secured a top 5 world ranking in robotics. While he initially pursued a computer science degree at the University of Texas at Arlington, he chose to pause his studies after two semesters to take a more hands-on approach in advancing cryptocurrency technology. During this period, he actively worked on multiple patents related to cryptocurrency and blockchain. Additionally, Steven has explored various areas of the financial sector, including banking and financial markets, developing prototypes such as fully autonomous trading bots and intuitive interfaces that streamline blockchain integration, among other innovations.

Steven Walgenbach
