ZachXBT, arguably one of the most renowned on-chain sleuths in the world, just went off on USDC issuer Circle and its CEO, Jeremy Allaire. He called them greedy and indifferent to the crypto community’s security. In a Twitter post, he said:
“F**k Circle! F**k Jeremy Allaire! You do not care at all about the ecosystem except extracting from it.”
His deal? Circle’s delayed response in blacklisting stolen funds from hacks and exploits, particularly when it comes to the notorious North Korean Lazarus Group.
Apparently, Circle took 4.5 months longer than other major companies like Tether and Paxos to block Lazarus Group’s funds after the group stole huge amounts of money in DeFi hacks.
Zach wasn’t impressed with Circle’s excuse of virtue-signaling compliance, accusing them of making money off transaction fees while stolen funds flowed through their network.
Lazarus Group’s crypto crime spree
The Lazarus Group, also known as APT38 or Bluenoroff, has been linked to the North Korean government since 2009. They became infamous for hacks like the Sony Pictures attack in 2014 and the $81 million Bangladesh Bank heist in 2016.
However, they’ve been heavily involved in cryptocurrency crimes lately. From August 2020 to October 2023, Lazarus targeted multiple crypto companies and individuals, pulling off 25 known hacks.
Analytics companies TRM and Chainalysis estimate they’ve stolen between $3 billion and $4.1 billion since 2017. They launder stolen crypto using Tornado Cash and convert it into fiat currency on P2P platforms like Paxful and Noones.
In one case, on August 24, 2020, the Canadian exchange CoinBerry had $370,000 stolen from its Bitcoin and Ethereum wallets.
CoinBerry didn’t reveal the hack publicly, but a lawsuit in 2022 exposed the theft. Lazarus also hit Unibright in September 2020, making off with $400,000 after getting access to private keys and CoinMetro in October 2020, where they stole $750,000.
Lazarus’ stolen funds were transferred through Tornado Cash.
For instance, funds from the CoinBerry, Unibright, and CoinMetro hacks were traced to addresses like 0x0864, where 3,000 ETH was deposited into Tornado Cash in January 2021.
That ETH was then moved in smaller amounts to avoid detection, with a large portion laundered on P2P platforms like Paxful and Noones.
In 2021, Lazarus began using Noones to continue cashing out stolen funds. Funds linked to Lazarus’ thefts from these hacks were still being transferred in batches as recently as November last year.
Paxful and Noones used for money laundering
Lazarus also laundered crypto into fiat using Paxful and Noones, P2P marketplaces that let users trade crypto for cash.
Starting in July 2022, they began moving large amounts of USDT through Paxful, with more transfers in April 2023 through Noones.
These platforms allowed them to continue cashing out without interference.
One specific transfer from the theft address 0x0549 sent USDT to Paxful and Noones, consolidating funds from many Lazarus hacks before converting them into fiat.
The list of hacks linked to Lazarus is perhaps too long. On December 14, 2020, Nexus Mutual founder Hugh Karp was tricked into approving a malicious transaction that led to $8.3 million in NXM being stolen.
A few days later, 137.1 BTC from the theft was laundered through ChipMixer, with similar tactics used in other hacks.
By 2021, Lazarus was also linked to EasyFi, Bondly Finance, and other attacks. In one instance, $81 million worth of EASY tokens were stolen from EasyFi after founder Ankitt Gaur’s device was compromised.
On July 14, 2021, the CEO of Bondly Finance, Brandon Smith, had $8.5 million of assets stolen when his recovery phrase was compromised.
Again, the stolen funds were transferred to Tornado Cash, where they were mixed and then laundered through P2P exchanges. Lazarus Group’s pattern is pretty clear.
By the end of 2023, Lazarus Group had laundered millions through Paxful and Noones, much of it passing through Circle’s network before any action was taken.
In total, $44 million was laundered from hacks between July 2022 and November 2023.
Tether eventually stepped in and blacklisted $374,000 in USDT in November 2023. But for many in the crypto community, including Zach, it was too little too late.