The U.S. Attorney for the District of Columbia has filed two forfeiture actions aimed at recovering approximately $2.67 million in cryptocurrency stolen by North Korean hackers linked to the Lazarus Group. The seized funds were connected to two significant hacks: a $28 million theft from crypto options exchange Deribit and a $41 million heist from online crypto casino Stake.com.
The forfeiture complaints, filed on Friday, focus on tracing around $1.7 million worth of Tether (USDT) laundered through the Tornado Cash mixer, related to the Deribit hack in November 2022. Additionally, they seek to seize about 15.5 Avalanche-bridged Bitcoin (BTC.b) valued at roughly $971,000, which was part of the Stake.com hack.
The Lazarus Group, linked to the North Korean regime, reportedly used Tornado Cash to launder funds from Deribit’s hot wallet server breach. After converting the stolen assets to Ethereum, they used Tornado Cash to obscure their trail, eventually converting the assets into USDT on the Tron blockchain. U.S. law enforcement traced these transactions by identifying wallet similarities, such as synchronized transfers and shared funding sources for transaction fees.
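The two wallet similarities named above, shared funding sources for transaction fees and synchronized transfers, can be expressed as a clustering pass over transaction records. This is an added example, not code or data from the forfeiture complaints; the placeholder addresses, timestamps and the 60-second window are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data; W*/F* are placeholder addresses, not real wallets.
FEE_FUNDING = [("F1", "W1"), ("F1", "W2"), ("F2", "W3"), ("F3", "W4"), ("F4", "W5")]
# (wallet, unix time of outbound transfer)
TRANSFERS = [("W1", 1000), ("W2", 1900), ("W3", 1012), ("W4", 9000), ("W5", 20000)]

class DisjointSet:
    """Union-find over wallet addresses."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def cluster_wallets(fee_funding, transfers, window_s=60):
    """Return (clusters, evidence) linking wallets by the two heuristics."""
    ds, evidence = DisjointSet(), []
    by_funder = defaultdict(set)
    for funder, wallet in fee_funding:
        by_funder[funder].add(wallet)
        ds.find(wallet)
    # Heuristic 1: wallets whose transaction fees were paid by the same funder.
    for funder, wallets in by_funder.items():
        for a, b in combinations(sorted(wallets), 2):
            ds.union(a, b)
            evidence.append((a, b, f"shared fee funder {funder}"))
    # Heuristic 2: transfers from different wallets within window_s seconds.
    # Adjacent pairs in time order suffice because union-find chains the links.
    ordered = sorted(transfers, key=lambda t: t[1])
    for (w1, t1), (w2, t2) in zip(ordered, ordered[1:]):
        if w1 != w2 and t2 - t1 <= window_s:
            ds.union(w1, w2)
            evidence.append((w1, w2, f"transfers {t2 - t1}s apart"))
    groups = defaultdict(set)
    for wallet in list(ds.parent):
        groups[ds.find(wallet)].add(wallet)
    clusters = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return clusters, evidence

if __name__ == "__main__":
    clusters, evidence = cluster_wallets(FEE_FUNDING, TRANSFERS)
    print(clusters)
    for link in evidence:
        print(link)
```

Timing alone can link unrelated wallets on a busy chain, so each link carries its evidence string for analyst review rather than being treated as proof of common control.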
Law enforcement successfully froze about $1.7 million in USDT from five wallets connected to these laundering attempts, although the Lazarus Group managed to launder the remaining funds after initial attempts were thwarted. The U.S. government’s actions mark a significant effort to crack down on North Korean crypto operations and prevent further misuse of digital assets by state-sponsored actors.