Popular on-chain investigator ZachXBT reported that a victim was hacked on Tron, losing around $3.19 million in USDT. The stolen USDT was moved to Ethereum, exchanged for ETH, split across 10 addresses and deposited into Tornado Cash. ZachXBT attributes the hack to the infamous North Korean Lazarus Group.
On-chain investigator ZachXBT disclosed another attack by the hacker, this time draining roughly 3.9m USDT from unidentified victims. According to Tronscan, the USDT was transferred to the Ethereum blockchain, exchanged for ETH, split across 10 addresses and then deposited into Tornado Cash (96 x 10 ETH, 4 x 100 ETH, 78 x 1 ETH, 5 x 0.1 ETH).
ZachXBT pointed out that the hacker reused an address from the October 2023 hack of Michael Kong (Fantom/Sonic CEO).
On February 22, ZachXBT revealed that the Lazarus Group had linked the Bybit hack directly to the Phemex hack by “mixing” funds from the initial theft addresses of both incidents.
Lazarus Group adds unidentified victims to a long list of crypto thefts
Zach (@zachxbt) reported that a user was scammed by the Lazarus Group on Tron for about $3.2 million in USDT
The stolen funds were transferred from #tron to #ethereum. The ETH was then split into 10 addresses and deposited into Tornado Cash as follows: 96 x 10 ETH, 4 x 100 ETH, …pic.twitter.com/jrq03rtfla
– March 1, 2025
According to ZachXBT, the Lazarus Group is suspected of having struck again, this time targeting unidentified victims on Tron and stealing over 3.19m USDT. The loot was quickly transferred to the Ethereum chain, exchanged for ETH, split across 10 addresses and then placed in Tornado Cash. Tronscan data showed that the hacker used two addresses, TYQ3455GFNEQYW and 0XCCED1276382F4D, to drain 3,199,779 USDT from a victim with the address TDNALDS1A1G6VYRU.
The attack follows a string of thefts by North Korean hacking groups, which reportedly stole more than $1 billion from the Bybit exchange in a recent heist attributed to a state-linked group. Bybit was the victim of a record-breaking ~$1.5 billion Ethereum hack. The North Korean Lazarus Group is the leading suspect in the sophisticated attack, in which hackers compromised Bybit’s cold wallet and stole over 400K ETH.
Elliptic’s research describes the Bybit heist as by far the biggest crypto theft in history. The Lazarus Group is suspected of stealing more than $6 billion in crypto assets since 2017, with the proceeds reportedly funding North Korea’s ballistic missile program.
The heist follows the Lazarus Group’s pattern
According to Elliptic’s research, the Lazarus Group follows a distinctive pattern when laundering stolen crypto tokens. The first step is to exchange the stolen tokens for “native” blockchain assets such as ether. This method is reportedly chosen because some token issuers can “freeze” wallets holding stolen assets, whereas no central party can freeze ether or bitcoin.
That is exactly what happened in the minutes following the Bybit theft and in the latest Tron hack against unidentified victims. Hundreds of millions of dollars in stolen tokens were exchanged for ETH, using decentralized exchanges (DEXs) to avoid the asset freezes that can occur when laundering stolen funds through centralized exchanges (CEXs).
According to the Elliptic report, the second step in the laundering process is to obscure the transaction trail by “layering” the stolen funds. Layering complicates tracing and buys valuable time to launder and cash out the assets. It involves sending funds through numerous cryptocurrency wallets and moving them to other blockchains via cross-chain bridges or exchanges. It also includes tactics such as using DEXs to switch between crypto assets, coin swap services, or “mixers” such as Tornado Cash or Cryptomixer. An exchange also reportedly acted as the main and willing facilitator of this laundering.
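The two-step pattern described above (swap to a native asset, then fan out through intermediary wallets into fixed-denomination mixer pools) is something a tracing analyst can score mechanically. The following is an added example, not code from the article or from Elliptic or ZachXBT: it builds a synthetic transfer set that mirrors the deposit breakdown quoted above (96 x 10, 4 x 100, 78 x 1 and 5 x 0.1 ETH from 10 intermediary addresses), then profiles deposits into mixer pools by denomination and flags a source address whose recipients all went on to deposit into those pools. The pool labels, address names and transaction hashes are constructed placeholders, and the thresholds are illustrative assumptions rather than anything the report specifies.

```python
from collections import Counter, defaultdict
from decimal import Decimal
from typing import NamedTuple

# Tornado Cash ETH pools only accept fixed-size deposits; these are the four sizes
# that appear in the deposit breakdown quoted in the article.
MIXER_DENOMINATIONS = {Decimal("0.1"), Decimal("1"), Decimal("10"), Decimal("100")}

# Placeholder labels standing in for the pool contract addresses (constructed,
# not the real contract addresses).
MIXER_POOLS = {f"mixer-pool-{d}" for d in MIXER_DENOMINATIONS}


class Transfer(NamedTuple):
    tx_hash: str
    sender: str
    recipient: str
    amount_eth: Decimal


def build_sample_transfers() -> list[Transfer]:
    """Construct a synthetic transfer set mirroring the reported pattern: one
    swap-out address fans ETH out to 10 intermediary addresses, which then make
    96 x 10, 4 x 100, 78 x 1 and 5 x 0.1 ETH deposits into the pools.
    All hashes and addresses are constructed placeholders."""
    schedule = [(Decimal("10"), 96), (Decimal("100"), 4), (Decimal("1"), 78), (Decimal("0.1"), 5)]
    deposits: list[Transfer] = []
    per_hop = defaultdict(lambda: Decimal(0))
    n = 0
    for amount, count in schedule:
        for _ in range(count):
            hop = f"hop-{n % 10:02d}"
            deposits.append(Transfer(f"0xdep{n:04x}", hop, f"mixer-pool-{amount}", amount))
            per_hop[hop] += amount
            n += 1
    # Funding layer: swap-out address -> each intermediary, sized to cover its deposits.
    funding = [Transfer(f"0xfund{i:02x}", "swap-out", hop, amt)
               for i, (hop, amt) in enumerate(sorted(per_hop.items()))]
    # Two ordinary payments that must not be counted as mixer activity.
    noise = [Transfer("0xnoise01", "hop-03", "merchant-a", Decimal("2.37")),
             Transfer("0xnoise02", "hop-07", "merchant-b", Decimal("0.5"))]
    return funding + deposits + noise


def profile_mixer_deposits(transfers, pools=MIXER_POOLS) -> dict:
    """Summarise transfers into known mixer pools: count per denomination, total ETH,
    distinct depositing addresses, and any deposit whose size is not a pool
    denomination (a hint that the recipient label is wrong)."""
    by_denom: Counter = Counter()
    depositors: set[str] = set()
    irregular: list[Transfer] = []
    total = Decimal(0)
    for t in transfers:
        if t.recipient not in pools:
            continue
        if t.amount_eth not in MIXER_DENOMINATIONS:
            irregular.append(t)
            continue
        by_denom[t.amount_eth] += 1
        depositors.add(t.sender)
        total += t.amount_eth
    return {"by_denomination": {str(k): v for k, v in by_denom.items()},
            "deposit_count": sum(by_denom.values()),
            "total_eth": total,
            "depositors": sorted(depositors),
            "irregular": irregular}


def layering_clusters(transfers, pools=MIXER_POOLS, min_fan_out=5, min_mixing_share=0.8) -> dict:
    """Find 'source -> many intermediaries -> mixer' layering. A source is reported
    when it paid at least min_fan_out distinct recipients and at least
    min_mixing_share of them deposited into a pool; pool_share is the fraction of
    the source's outflow that reached the pools via those recipients."""
    children = defaultdict(set)
    out_total = defaultdict(lambda: Decimal(0))
    deposited_by = defaultdict(lambda: Decimal(0))
    for t in transfers:
        if t.recipient in pools:
            deposited_by[t.sender] += t.amount_eth
        else:
            children[t.sender].add(t.recipient)
            out_total[t.sender] += t.amount_eth
    clusters = {}
    for source, kids in children.items():
        if len(kids) < min_fan_out:
            continue
        mixing_kids = [k for k in kids if deposited_by[k] > 0]
        if len(mixing_kids) / len(kids) >= min_mixing_share:
            reached_pools = sum(deposited_by[k] for k in kids)
            clusters[source] = {"intermediaries": len(kids),
                                "pool_share": reached_pools / out_total[source]}
    return clusters


if __name__ == "__main__":
    sample = build_sample_transfers()
    print(profile_mixer_deposits(sample))
    print(layering_clusters(sample))
```

On the constructed data the profile reports 183 pool deposits totalling 1438.5 ETH from 10 addresses, and the single flagged source is the swap-out address, with all of its outflow reaching the pools. The denomination check matters in practice because a transfer to a pool contract that is not a pool-sized amount is usually a labelling error rather than a deposit, and treating it as one would inflate the total attributed to the laundering.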