The U.S. Justice Department has announced it is seeking the forfeiture of $2.7 Million in crypto Bitcoin stolen by North Korean group the Lazarus Group — with Tornado Cash active between some transaction destinations(outputs). The step underscores the continuing struggle between authorities and black-hat hackers who often use cryptocurrency sites for illegal deeds.

The infamous hacking group Lazarus Group, which is believed to be responsible for multiple high-level crypto hacks, has also been tied to both the Deribit and Stake pilferages. com. These are the two instances on which the latest forfeiture action of the U.S. government is also centered in which $28+ million was taken from Deribit in November 2022 and $41M from Stake.com in September 2023. Approximately $1.7 million in Tether (USDT) and $970,000 in Avalanche-bridged Bitcoin (BTC) were stolen from these hacks, which were recovered by freezing the funds, as advocated by law enforcement.

 

Tracing the Funds: From Deribit to Tornado Cash

After stealing from Deribit, the Lazarus Group laundered their stolen funds via Tornado Cash — a privacy-enhancing coin-mixing service designed to obscure transactions. The hackers then moved the assets to Tornado Trees from -> they minted Tether and sent it to Vires Finance again through Tornado Trees, where it was transformed back into ERC20 tokens. They used this to effectively turn those assets into Tron-issued Tether. Investigators were able to follow the money by looking into trends in Ethereum wallets connected to laundered fund flows, including threats that had exploited equivalent cross-chain bridges and similar finances.

Lazarus Crypto Heist Hits a Roadblock as U.S. Recovers $2.7 Million in Bitcoin

Five wallets from the hack were identified, with a total of $1.7 million in USDT frozen by law enforcement despite attempts by the Lazarus Group to cover its tracks. While these seizures only account for a small portion of the total $28 million plundered, it is indeed a massive win for law enforcement as they continue to try and trace stolen crypto assets.

Stake.com Hack and the Role of Mixers

The Lazarus Group struck again, this time successfully hacking into Stake.com casino in September 2023, winning $41 million. The syndicate laundered the stolen funds in two phases, first by exchanging the stolen money into Bitcoin via Avalanche Bridge. The alleged perpetrators then conducted the BTC through two Bitcoin mixers—Sinbad and Yonmix—in order to make it even more difficult to keep track of its origin before converting it into stablecoins such as Tether. However, this laundering process was quite elaborate, but law enforcement did manage to freeze about 0.099 BTC — a drop in the ocean as far as most cryptocurrency-related crimes are concerned, but at least it is something.

The involvement of mixers like Tornado Cash, Sinbad, and Yonmix in these laundering schemes underscores the challenges authorities face in tracking Bitcoin and other cryptocurrencies across multiple chains. However, recent advances in blockchain forensics have allowed investigators to trace even these complex transactions, providing law enforcement with the tools to recover some stolen assets.

Broader Implications and Future Outlook

The Lazarus Group has been implicated in a number of other prominent crypto swindlers, including the $235 million pillage on WazirX in July 2024. Given growing concerns related to North Korean hackers leveraging digital currencies as part of their operations, Bitcoin and other cryptocurrencies have been a consistent thread in their finances.

While the recovery of stolen crypto worth $2.7 million is a laudable achievement, it amounts to only a tiny fraction of the state-sponsored Lazarus Group’s larger activities. The group is still active and continues to target cryptocurrency exchanges and services. Bitcoin — given its decentralized scope as one of the most used virtual currencies on blockchains, is an essential asset for this organization and adds to growing calls for stricter security in the crypto realm.

This move by the US government is only further evidence of a growing trend: The ongoing international cooperation to fight alleged cybercrime, especially when cryptos rallied. Sophisticated monitoring tools and blockchain analysis to follow the money, but hackers are constantly finding new ways to launder funds.

 

The Final Thoughts

The story of the case reiterates the double-edged sword that is Bitcoin and other cryptocurrencies—capable of huge innovation and financial freedom but also providing space for bad-faith actors who look to exploit it. Tornado Cash is not the first mixer that Lazarus Group has used for obfuscation, demonstrating how Bitcoin still plays a crucial role in the cybercriminal toolbox. The battle between law enforcement and hackers will likely escalate as authorities develop more sophisticated ways to trace and recover stolen funds, the report said, with Bitcoin at the heart of the fight.

Stay in touch with TheBITJournal follow on Twitter and LinkedIn, and join the Telegram channel to be instantly informed about breaking news!