Lazarus Group Moves to YoMix Bitcoin Mixer for Money Laundering
The dreaded North Korean hacker collective Lazarus Group has recently switched to using the YoMix Bitcoin mixer for laundering stolen funds, following the crackdown on the Sinbad mixer. Known for carrying out some of the largest crypto heists in history, Lazarus Group has targeted numerous crypto firms over the years.
YoMix Provides an Alternative for Lazarus Group
A report by blockchain analytics firm Chainalysis revealed that Lazarus Group has shifted its money laundering operations from the Sinbad mixer to YoMix. The group has adopted new money laundering techniques and is increasingly utilizing cross-chain bridges to hide the origins of the stolen cryptocurrencies.
Lazarus Group previously used services like Tornado Cash and the Sinbad Mixer for laundering funds. However, according to Chainalysis, the group has now turned to a new mixer, YoMix. Lazarus Group is infamous for its involvement in high-profile hacks, including those targeting Coincheck, Harmony, and Atomic Wallet.
Significant Increase in Funds Flowing Through YoMix
Chainalysis reported a significant surge in funds flowing through the YoMix mixer, with a five-fold increase in inflows. More than one-third of these funds originated from wallets associated with crypto hacks, indicating a heavy reliance on YoMix by bad actors seeking to obscure the source of their funds.
The move to YoMix shows how quickly threat actors change tactics in response to evolving security measures and the closure of previously popular avenues. Chainalysis also observed a shift towards less centralized money laundering practices at the deposit level, even as laundering activities become more centralized at the service level. This suggests that criminals are diversifying their laundering activities across multiple services or deposit addresses.
Utilization of Cross-Chain Bridges by Lazarus Group
In addition to adopting new mixing protocols, Lazarus Group has started utilizing cross-chain bridges to facilitate the seamless flow of funds across different blockchain networks. According to Chainalysis, cybercriminals transferred $743.8 million worth of crypto from addresses associated with hacks using cross-chain bridges in 2023, double the amount from the previous year.
Despite a decrease in the total amount of funds laundered compared to the previous year, the use of cross-chain bridges and other obfuscation techniques remains popular among cybercriminals. Chainalysis noted a decline in the popularity of traditional mixing services, which received $504.3 million worth of crypto, compared with $1 billion in 2022. This decline can be attributed to the efforts of law enforcement and regulators.
“Much of this is likely due to law enforcement and regulatory efforts, such as the sanctioning and shutdown of the Sinbad mixer in November 2023.”
The shift to YoMix by Lazarus Group highlights the need for constant vigilance and updated security measures in the cryptocurrency space. As threat actors adapt and find new avenues for money laundering, it is crucial for authorities, cybersecurity experts, and the crypto community to stay ahead and effectively combat such illicit activities.