The dreaded North Korean hacker collective Lazarus Group is now using the YoMix Bitcoin mixer to launder stolen funds after the recent crackdown on the Sinbad mixer.
The Lazarus Group is infamous for carrying out some of the largest crypto heists over the years, targeting a plethora of crypto firms.
YoMix Emerges As Alternative For Lazarus
Lazarus’ activities on YoMix were revealed in a report by blockchain analytics firm Chainalysis, which stated that the group moved its laundering operations from the Sinbad mixer to YoMix after Sinbad was sanctioned. The report revealed that hackers associated with the group have resorted to using novel money laundering techniques, and are increasingly using cross-chain bridges to obfuscate the origins of the stolen crypto assets.
The Lazarus Group has historically used services such as Tornado Cash and the Sinbad Mixer to launder funds. However, the Chainalysis report revealed that the group has started using the services of a new mixer, YoMix. The Lazarus Group has been involved in several infamous hacks, such as those of Coincheck, Harmony, and Atomic Wallet.
Significant Increase Of Funds Into YoMix
In its report, Chainalysis noted a significant surge of funds flowing through the YoMix mixer, with data showing a five-fold increase in inflows. One alarming detail of these funds was that over one-third originated from wallets associated with crypto hacks. This indicated a significant reliance on YoMix by bad actors looking to obfuscate the origin of their funds.
The switch to YoMix indicates the adaptability of threat actors in the face of ever-changing security measures following the closure of previously popular avenues. Chainalysis also observed a shift towards less centralized money laundering practices at the deposit level. This observation was made even as laundering activities have become more centralized at the service level. This suggests that bad actors diversify their laundering activities across multiple services or deposit addresses.
Use Of Cross-Chain Bridges
Apart from moving to new mixing protocols, the Lazarus Group has also started using cross-chain bridges, enabling the seamless flow of funds through different blockchain networks. Chainalysis noted that bad actors transferred $743.8 million worth of crypto from addresses associated with hacks using cross-chain bridges in 2023. This is double what it was last year.
Despite the overall decrease in the total amount of funds laundered compared to the previous year, using cross-chain bridges and other obfuscation techniques remains popular among cybercriminals. Chainalysis observed a general decline in the popularity of mixing services, with mixing services receiving $504.3 million worth of crypto, compared to $1 billion in 2022. Chainalysis attributed this decline to law enforcement and regulatory efforts.
“Much of this is likely due to law enforcement and regulatory efforts, such as the sanctioning and shutdown of mixer Sinbad in November 2023.”