In the world of blockchain, where transparency and security are key, the dark underbelly of cryptocurrency laundering continues to thrive. Recent investigations by blockchain analytics investigators have shed light on an individual who is allegedly involved in a cryptocurrency laundering operation. This article delves into the details of the operation, the methods used, and the ongoing efforts to track down the criminals involved.
Blockchain security firm Match Systems recently uncovered a series of major breaches that all seemed to be linked. These breaches, which occurred throughout the summer months of 2023, involved similar methods and pointed to an individual who was allegedly selling stolen cryptocurrency tokens. Through their investigations, the team was able to identify and make contact with this individual on Telegram.
Upon making contact with the individual, the investigators discovered that the person was in control of an address containing over $6 million worth of cryptocurrencies. To exchange the stolen assets, a specially created Telegram bot was used, offering a 3% discount off the market price of the tokens. This allowed the individual to sell the stolen cryptocurrencies via peer-to-peer transfers.
During their interactions with the individual, the Match Systems team noted frequent displays of “unstable” and “erratic” behavior. Abruptly leaving conversations and offering excuses like “Sorry, I must go; my mom is calling me to dinner”, the individual seemed to be evasive and cautious. This behavior, coupled with the use of a telegram bot for transactions, indicated that the individual was not part of the core team behind the operation but was possibly associated with them.
Based on the available information, the investigators believed that the funds being sold by the individual were from CoinEx or Stake companies. While they were unable to fully identify the individual, they did narrow down their location to the European time zone. This, combined with the screenshots and timing of conversations, led them to the conclusion that the individual had possibly been de-anonymized as a guarantee that they would not misuse the stolen assets.
The individual, accepting Bitcoin (BTC) as a means of payment, had previously sold $6 million worth of TRON (TRX) tokens. The latest offering from this Telegram user listed $50 million worth of TRX, Ether (ETH), and Binance Smart Chain (BSC) tokens. These tokens were likely obtained through recent high-profile exchange hacks.
Linking the Hacks to Lazarus Group
While investigating the CoinEx and Stake hacks, blockchain security firm CertiK revealed that the movements of stolen funds were connected to the North Korean Lazarus Group hackers. The FBI also identified the Lazarus Group as the culprits behind the Stake attack. However, Match Systems discovered slight differences in the methodologies used by the CoinEx and Stake hackers compared to previous Lazarus Group attacks.
Earlier Lazarus Group laundering efforts did not involve Commonwealth of Independent States (CIS) nations like Russia and Ukraine. However, recent incidents have shown stolen funds being actively laundered in these jurisdictions. Social engineering has emerged as a key attack vector in the summer hacks, while earlier attacks targeted “mathematical vulnerabilities”.
The tactics used for laundering stolen cryptocurrency have also evolved. While Lazarus hackers traditionally used Tornado Cash, recent incidents have seen funds mixed through protocols like Sinbad and Wasabi. Despite these changes, certain key similarities persist, such as the use of BTC wallets as the primary repository for stolen assets, as well as the Avalanche Bridge and mixers for token laundering.
The rise of cryptocurrency laundering continues to present challenges for blockchain security firms and investigators. The discovery of an individual allegedly involved in this criminal network highlights the need for enhanced security measures and collaboration among industry stakeholders. As hackers constantly adapt and change their tactics, the fight against cryptocurrency laundering remains an ongoing battle for the blockchain community.