- Lazarus Group now holds 13,518 BTC worth $1.13 billion following the $1.5 billion Bybit hack, according to Arkham Intelligence.
- Blockchain firm CertiK traced 400 ETH, worth $750,000, from Lazarus to Tornado Cash on March 13 for laundering.
- OKX suspended its Web3 DEX aggregator on March 17 after detecting Lazarus-linked misuse and implementing a real-time tracking system.
The Lazarus Group, linked to the recent $1.5 billion Bybit hack, now controls 13,518 BTC, valued at approximately $1.13 billion. According to Jason’s post on X, the cybercrime group has accumulated significant digital assets, further expanding its presence in the cryptocurrency space.
Lazarus Among Top Bitcoin Holders
BitBO reports that Lazarus Group’s Bitcoin holdings surpass those of Bhutan and El Salvador, which currently hold 13,029 BTC and 6,089 BTC, respectively. If North Korea’s government has access to these funds, it would position the nation as the fifth-largest state-linked holder of Bitcoin, behind the United States, China, the United Kingdom, and Ukraine.
Beyond Bitcoin, Lazarus-linked wallets also contain 13,702 ETH, worth around $26 million, along with 5,022 BNB, valued at $3 million. Additional assets include $2.2 million in DAI and other stablecoins. Arkham Intelligence detected recent conversions of stolen ETH into BTC, indicating ongoing movement of assets.
Laundering Attempts and Malware Deployment
Blockchain security firm CertiK identified that Lazarus deposited 400 ETH, worth about $750,000 at the time, into Tornado Cash on March 13. The firm traced these funds to prior activity on the Bitcoin network.
Meanwhile, cybersecurity firm Socket uncovered six new malware packages linked to Lazarus. These programs target cryptocurrency wallets like Solana and Exodus, using a tactic where malicious software is embedded in JavaScript libraries. The malware, named “BeaverTail,” aims to infiltrate developer environments, steal credentials, and extract digital assets.
Crypto exchange OKX suspended its Web3 decentralized exchange aggregator on March 17. The platform detected coordinated misuse of its DeFi services by Lazarus. The company has since implemented a system to track and block hacker-related addresses in real-time.
Bloomberg previously reported that OKX’s DEX aggregator was used to launder $100 million in crypto linked to Lazarus and the Bybit hack. The group’s ongoing activities underscore the challenges crypto platforms face in preventing illicit transactions.
