Binance Square
LazarusGroup
Crypto-D-Ooshen

Lazarus Group from North Korea Collects $40M+ in Bitcoin

CryptosHeadlines.com - The Leading Crypto Research Network

The North Korean hacking group has gathered about $47 million in cryptocurrency. This includes Bitcoin, Ether, Binance Coin, and different stablecoins like Binance USD.
The Lazarus Group, a hacking collective from North Korea, has a massive $47 million in cryptocurrency, with most of it in Bitcoin. This information comes from data collected by Dune Analytics, a company linked to 21Shares. The wallets connected to the Lazarus Group contain approximately $42.5 million in Bitcoin, $1.9 million in Ether, $1.1 million in Binance Coin (BNB), and an extra $640,000 in stablecoins, mainly BUSD. However, it’s worth noting that this amount of cryptocurrency seems to have decreased from $86 million, which the group held on September 6, shortly after their involvement in the Stake.com hack.
The Dune dashboard keeps tabs on 295 wallets recognized by the U.S. Federal Bureau of Investigation (FBI) and the Office of Foreign Assets Control (OFAC) as belonging to the hacking group.

Lazarus Group crypto holdings. Source: Dune Analytics
Lazarus Group’s Crypto Choices and Activity
Surprisingly, the Lazarus Group doesn’t use privacy coins like Monero, Dash, or Zcash, which are usually harder to track. Despite this, their crypto wallets are still very active, with their latest transaction recorded on September 20. It’s worth noting that the group’s actual cryptocurrency holdings are likely much higher than what’s publicly known.
The FBI has pointed fingers at the Lazarus Group for hacking Alphapo, CoinsPaid, and Atomic Wallet, resulting in a combined theft of over $200 million in 2023.
According to Chainalysis, crypto thefts by North Korea-linked hackers have decreased significantly by 80% compared to 2022. As of mid-September, these groups had stolen a total of $340.4 million in cryptocurrency, down from the record $1.65 billion stolen in digital assets in 2022.
Recently, U.S. federal authorities issued a warning about a “significant risk” of potential attacks by the Lazarus Group on U.S. healthcare and public health sector organizations.
Important: Please note that this article is only meant to provide information and should not be taken as legal, tax, investment, financial, or any other type of advice.

#Bitcoin #CryptoNews #LazarusGroup #Northkorea

Lazarus Group Turns TRON Whale with 137M TRX After CoinEx Hack

CryptosHeadlines.com - The Leading Crypto Research Network

The North Korean-backed Lazarus Group is the 66th largest TRON (TRX) holder at $11.63 million. They reportedly have $45.8 million in crypto, mainly in Bitcoin ($42M) and $640,000 in stablecoins. Suspected to fund North Korea’s missile program, they stole nearly $200 million in June and July.
The Lazarus Group, a hacking collective linked to North Korea, has emerged as a significant TRON whale, as per blockchain data. Lately, they’ve been busy making unlawful profits from cryptocurrency platforms. On September 26, PeckShield, a blockchain security company, revealed that the CoinEx Drainer, linked to them, possesses more than 137 million TRX, worth about $11.63 million.
Expanding Holdings of the Lazarus Group

CoinEx Drainer crypto holdings. Source: X/@PeckShieldAlert
On September 12, there was a hack at CoinEx, and they lost about $55 million. Interestingly, around a fifth of that money was in TRX, which is Tron’s native token. Right now, TRX is trading at $0.084, and it’s gone up by 8% in the last two weeks.
Now, here’s the kicker: The hacking group behind this is Lazarus from North Korea. A blockchain security firm called SlowMist figured that out. But, CoinEx got back on its feet and allowed deposits and withdrawals for some cryptocurrencies on September 21.
According to a Dune Analytics dashboard from 21 Shares, which is like a parent company, the Lazarus group has about $45.8 million in crypto right now. They had a lot more earlier in the year, over $80 million, but that was mostly because of a $41 million hack on Stake.com. While they do have a bunch of TRX, most of their stash is in Bitcoin, around $42 million worth.

Lazarus Group crypto balance over time. Source: Dune Analytics
Additionally, they’ve got $640,000 in stablecoins, with a focus on Binance USD (BUSD).
The FBI says that Lazarus swiped nearly $200 million from Atomic Wallet, Alphapo, and CoinsPaid in June and July.
Experts often mention that they’ve been using their stolen crypto money to support North Korea’s missile program.
Hacking Spree Persists
Crypto security experts at Elliptic have been keeping a close eye on Lazarus, and what they’ve found is quite alarming. In just 104 days, Lazarus launched five attacks and made off with a staggering $240 million.
What’s interesting is that some of the money stolen from CoinEx ended up in an address that had previously been used to hide funds taken from Stake. It seems Lazarus has changed its tactics this year. According to Elliptic, Lazarus is now more interested in targeting centralized services instead of decentralized ones. Plus, they’ve become quite crafty with their methods. They prefer to trick people through social engineering, especially employees at centralized crypto companies, using sophisticated phishing attacks with their Lazarus malware. Be careful out there!
Important: Please note that this article is only meant to provide information and should not be taken as legal, tax, investment, financial, or any other type of advice.

#CryptoNews #LazarusGroup #TRON #TRX #CoinEx
Cryptocurrency on-chain analyst X-explore suggests similarities between the Poloniex hacking and a previous attack on Stake.com by the Lazarus Group, a North Korean-linked hacker group. The pattern involves depositing different tokens in distinct addresses, with each address storing only one type of token, as observed in both incidents. #CryptoHackingAnalysis #LazarusGroup #BitcoinWorld

Unmasking the Kandykorn Malware: North Korean Lazarus Group Targets Blockchain Engineers

In a chilling revelation, Elastic Security Labs, a prominent cybersecurity research firm, has unearthed a sophisticated cyber intrusion believed to be orchestrated by North Korean hackers associated with the infamous Lazarus group. This highly advanced operation, codenamed REF7001, unfolded in an unexpected manner, involving a newly identified macOS malware named Kandykorn. What sets this intrusion apart is its specific focus on blockchain engineers engaged in the cryptocurrency exchange sector. The malware's method of distribution, as well as its intricacies, have raised eyebrows in the cybersecurity community.

The Intricate Dance of Kandykorn
The Kandykorn malware employed in this cyber operation is far from ordinary. It initiates communication with a command-and-control (C2) server through an encrypted RC4 connection and boasts a unique handshake mechanism. However, its most striking feature is its patience – it quietly waits for instructions, enabling the hackers to discreetly control the compromised systems.
Elastic Security Labs has provided valuable insights into the capabilities of Kandykorn, highlighting its proficiency in performing a range of tasks, including file uploads and downloads, process manipulation, and executing arbitrary system commands. Moreover, the malware employs a technique known as reflective binary loading, a fileless execution method often associated with the notorious Lazarus Group.

The Lazarus Group Connection
Extensive evidence links this cyberattack to the Lazarus Group, a hacking collective believed to be based in North Korea. The connections between this intrusion and previous Lazarus Group activities are striking. These include similarities in attack techniques, shared network infrastructure, the use of specific certificates to sign malicious software, and custom methods utilized to detect Lazarus Group operations.
The web of connections goes further, with on-chain transactions revealing ties between security breaches at prominent cryptocurrency platforms like Atomic Wallet, Alphapo, CoinsPaid, Stake.com, and CoinEx. This evidence solidifies the belief in the Lazarus Group's involvement in these cyber exploits, raising concerns about their continued efforts in the cryptocurrency space.
The Imperative of Robust Cybersecurity Measures

Elastic Security Labs' findings serve as a stark reminder of the importance of implementing robust cybersecurity measures. As the cryptocurrency industry continues to expand and gain prominence, it becomes an increasingly attractive target for cybercriminals. Protecting against sophisticated threats like Kandykorn and the Lazarus Group necessitates a multi-faceted approach, involving rigorous network monitoring, intrusion detection, and employee awareness.
In an era where data breaches and cyberattacks are not a matter of "if" but "when," the need for proactive and comprehensive cybersecurity strategies is paramount. The Lazarus Group's latest intrusion into the cryptocurrency sector serves as a wake-up call, urging the industry to remain vigilant and committed to safeguarding the digital assets and technologies that underpin this evolving financial landscape.
#LazarusGroup #northkorea
$BTC $ETH $XRP
In 2023, the #LazarusGroup , a North Korean hacking organization, utilized the cryptocurrency mixer #YoMix for laundering stolen crypto, according to a report by #Chainalysis . The report also highlighted a decline in crypto money-laundering activity to $22.2 billion from $31.5 billion in 2022, partly due to the sanctions or closure of mixing services #TornadoCash and #Sinbad . Despite an overall decrease in crypto transaction volume, YoMix experienced significant growth, with one-third of its inflows traced back to wallets associated with crypto hacks. The Lazarus Group adapted by employing cross-chain bridges for obfuscation. In another development, the bankrupt crypto platform Celsius has distributed $2 billion worth of crypto to creditors, with payments made via PayPal for US creditors and Coinbase for overseas holders. Meanwhile, in Indonesia, Prabowo Subianto and his pro-crypto running mate Gibran Rakabuming Raka are likely to become the next president and vice president, potentially boosting the country's crypto-friendly policies, as Indonesia already boasts 18 million registered crypto investors. In the cryptocurrency market, Bitcoin is up 0.40% at $51,874.10, and Ethereum is up 0.86% at $2,810.75.