The U.S. Department of Justice has filed a lawsuit to seize $2.67 million in cryptocurrency, including Tether (USDT) and Avalanche-bridged Bitcoin (BTC.b). The government claims these funds were frozen during attempts by North Korean hackers to launder stolen assets.
Recovered Funds from Deribit and Stake.com Hacks
The U.S. government successfully recovered $1.7 million in Tether from the hack of the Deribit crypto exchange in November 2022, and $970,000 in BTC.b from the hack of the online casino Stake.com in September 2023.
Lazarus Group and Money Laundering Through Tornado Cash
The first lawsuit, filed by U.S. prosecutors, focuses on how the Lazarus Group laundered stolen funds from the Deribit hack using the crypto mixer Tornado Cash. Part of the $28 million stolen was tracked, eventually ending up as Tether on the Tron blockchain. U.S. authorities traced the funds by analyzing similarities between several Ethereum wallets that made near-simultaneous transactions and used the same cross-chain bridges.
Hackers attempted to launder the stolen funds in three waves. While the first two attempts were blocked when law enforcement froze some of the funds, the third attempt succeeded. U.S. authorities managed to freeze about $1.7 million in USDT from five wallets.
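The wallet-linking idea described above (near-simultaneous transactions through the same cross-chain bridge) can be sketched as a simple clustering heuristic. This is an added example, not taken from the court filings or from any investigator's tooling; the wallet labels, bridge names, timestamps and the 60-second window are all constructed assumptions.

```python
# Constructed sample data (not from the filings): wallet label,
# bridge used, and Unix timestamp of the bridge deposit.
SAMPLE_TXS = [
    ("wallet_A", "bridge_X", 1000),
    ("wallet_B", "bridge_X", 1030),
    ("wallet_C", "bridge_X", 1055),
    ("wallet_D", "bridge_Y", 1040),  # close in time to A-C, but a different bridge
    ("wallet_E", "bridge_X", 9000),  # same bridge as A-C, but hours later
    ("wallet_F", "bridge_Y", 1070),
    ("wallet_A", "bridge_Y", 5000),
    ("wallet_G", "bridge_Y", 5020),
]


def cluster_wallets(txs, window=60):
    """Group wallets linked by deposits to the same bridge within `window` seconds."""
    parent = {wallet: wallet for wallet, _, _ in txs}

    def find(wallet):
        # Union-find root lookup with path compression.
        while parent[wallet] != wallet:
            parent[wallet] = parent[parent[wallet]]
            wallet = parent[wallet]
        return wallet

    by_bridge = {}
    for wallet, bridge, ts in txs:
        by_bridge.setdefault(bridge, []).append((ts, wallet))

    for events in by_bridge.values():
        events.sort()
        # Once sorted, comparing neighbours is enough: any two events inside
        # the window are joined through the events that lie between them.
        for (t1, w1), (t2, w2) in zip(events, events[1:]):
            if w1 != w2 and t2 - t1 <= window:
                parent[find(w1)] = find(w2)

    clusters = {}
    for wallet in parent:
        clusters.setdefault(find(wallet), set()).add(wallet)
    # Report only groups of two or more wallets, in a stable order.
    groups = [sorted(c) for c in clusters.values() if len(c) > 1]
    return sorted(groups, key=lambda g: g[0])


if __name__ == "__main__":
    for group in cluster_wallets(SAMPLE_TXS):
        print(group)
```

A cluster produced this way is an investigative lead rather than proof of common control, since unrelated users also hit popular bridges at the same moment; the window size trades missed links against false ones.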
Stake.com, Sinbad, and Yonmix Bitcoin Mixers
The second lawsuit concerns the Lazarus Group’s $41 million hack of Stake.com, where the hackers laundered the funds in three phases: converting funds to BTC via the Avalanche Bridge, moving the stolen BTC through mixers like Sinbad and Yonmix, and eventually converting BTC to stablecoins such as USDT. Authorities were able to freeze some funds during the first and third phases.
In the first phase, authorities froze funds from multiple transactions that involved converting stolen assets into native tokens like Polygon's MATIC and Binance Smart Chain’s BNB, before bridging them into Bitcoin through the Avalanche Bridge. Despite government intervention, hackers managed to move most of the stolen assets to the Bitcoin blockchain. Once on Bitcoin, they used the mixers Sinbad and Yonmix, which operate similarly to Tornado Cash on Ethereum, to further obscure the funds' movements. However, authorities were only able to recover a small amount, approximately $6,270 worth of Bitcoin.
Lazarus Group Remains Active
While law enforcement has improved its ability to trace and seize illegal cryptocurrency, the Lazarus Group remains active. Recently, they were implicated in an attack on the Indian crypto exchange WazirX, in which they allegedly stole $230 million worth of assets.