US gov files complaint to seize assets from North Korean hackers


The United States government filed two legal complaints on October 4, 2024, to begin seizing more than $2.67 million in digital assets stolen by the North Korean Lazarus hacking group.

According to the legal filings, the US government seeks to recover approximately $1.7 million in Tether (USDT) stolen by the organization in the 2022 Deribit hack — which left the options exchange drained of $28 million.

Once the hackers successfully breached a Deribit hot wallet, they passed the funds through the Tornado Cash mixer and several Ethereum (ETH) addresses in an attempt to avoid detection.

US government asset seizure filing. Source: PACER.

United States law enforcement officials also filed to recover roughly $970,000 in Avalanche-bridged-Bitcoin (BTC.b) stolen as a result of the Lazarus Group’s 2023 hack of the Stake.com gambling platform. The malicious attack left Stake with more than $41 million in losses.

Related: Hackers got away with $440M in 28 exploits in Q3: Report

Lazarus Group the likely culprit behind many crypto hacks

The Deribit and Stake.com hacks represent only a small fraction of attacks linked to the North Korean Lazarus Group. Onchain sleuths believe the July 2024 hack of the popular WazirX exchange, which left the platform drained of approximately $235 million was perpetrated by the Lazarus Group.

A concerning Aug. 15 report from onchain detective ZackXBT also uncovered a network of North Korean developers, who have infiltrated at least 25 crypto projects. The onchain sleuth revealed that the developers were using fake names to gain access to the projects to compromise code and loot treasuries. At the time, ZackXBT explained that all the developers identified were likely working for a single entity.

Federal Bureau of Investigation issues warning

The United States Federal Bureau of Investigation (FBI) issued a series of warnings about the Lazarus Group in September 2024 — starting with a warning about social engineering scams from the hacking group.

One of these scams involved sending out fake job offers and applications to unsuspecting users. Once the hackers built sufficient rapport with the unsuspecting victim and encouraged them to download malware disguised as employment documentation, the user would be subject to theft or the loss of sensitive personal data.

Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec