Crypto Gloom

Lazarus Group’s Money Laundering Tactics Evolve Through YoMix and Cross-Chain Bridges: Chainalytic Report

Crypto Metaverse News
By Crypto Gloom
by alice davidson

Posted: February 15, 2024 10:38 AM Updated: February 15, 2024 10:39 AM

by Victor Day

Correction and fact check date: February 15, 2024, 10:38 AM

briefly

Lazarus Group is leveraging mixer protocol YoMix and cross-chain bridges for money laundering, a new Chainalytic report claims.

Lazarus Group is switching to YoMix and embracing cross-chain bridges amid changing money laundering tactics, Chainalytic has learned.

The Lazarus Group, a cybercriminal group run by the North Korean government known for carrying out cyberattacks targeting various cryptocurrency companies such as Harmony, Coincheck, and Atomic Wallet, has stolen the existing Tornado Cash ( We switched from using Tornado Cash to a new mixer protocol, YoMix.

According to a recent report by blockchain analysis company Chainalytic, North Korean hackers are turning to new methods of money laundering, such as using cross-chain bridges for illegal activities.

During 2023, inflows into YoMix increased five-fold, with about a third of them coming from wallets linked to cryptocurrency hacks. The growth of YoMix and its adoption by Lazarus Group are “key examples” of the ability of sophisticated actors to apply and identify alternative obfuscation services in response to the termination of previously popular services, according to the report.

Lazarus Group has also gained significant popularity among cybercriminals by using cross-chain bridges as a bridging protocol. In 2023, a total of $743.8 million worth of cryptocurrency was received from addresses linked to criminal activity, double the 2022 record of $312.2 million.

In particular, North Korea-related hackers are the ones most frequently using bridges for money laundering.

Centralized exchanges and DeFi platforms are gaining attention as sources of money laundering.

In 2023, $22.2 billion worth of cryptocurrency was transferred through blockchain wallets linked to illicit activities to various platforms and services designed to obscure the origin of funds, including exchanges, mixers, and decentralized finance (DeFi) platforms. However, this figure is significantly lower than the $31.5 billion reported by Chainalysis for 2022.

Overall, cryptocurrency mixers have decreased in popularity among cybercriminals. In 2023, these platforms received $504.3 million worth of cryptocurrency from addresses associated with illicit activity, down from the $1 billion recorded in 2022.

According to Chainalytic, centralized exchanges have continued to be the main beneficiaries of illicit funds over the past five years. By 2023, approximately 71.7% of all illicit transactions were routed to just five centralized platforms. According to Chainalysis data, 109 exchange deposit addresses individually received $10 million worth of illicit cryptocurrency, totaling $3.4 billion in 2023.

“While this still represents a significant concentration, only 40 addresses received more than $10 million in illicit cryptocurrencies in 2022, with a total of less than $2 billion,” Chainalisys emphasized.

The level of focus varies depending on the type of cybercrime. In particular, vendors involved in the distribution of ransomware and child sexual exploitation material are highly concentrated, with more than half of all funds concentrated in just seven deposit addresses. In contrast, online fraudsters and darknet vendors tend to utilize a wider variety of deposit addresses for illicit funds.

“Overall, it is likely that cryptocurrency criminals will diversify their money laundering activities through more overlapping services or deposit addresses to better hide their money laundering activities from law enforcement and exchange compliance teams. Spreading activity across more addresses may also be a strategy to reduce the impact of a single deposit address being frozen due to suspicious activity,” the report concluded.

As Chainalytic points out, the cybersecurity landscape is witnessing a dynamic shift in tactics, with cybercriminals constantly changing their behavior as they adopt new techniques for money laundering. This evolution highlights the need for adaptive measures to prevent illegal activity and promote safety in the cryptocurrency space.

disclaimer

In accordance with the Trust Project Guidelines, the information provided on these pages is not intended and should not be construed as legal, tax, investment, financial or any other form of advice. It is important to invest only what you can afford to lose and, when in doubt, seek independent financial advice. We recommend that you refer to the Terms of Use and help and support pages provided by the publisher or advertiser for more information. Although MetaversePost is committed to accurate and unbiased reporting, market conditions may change without notice.

About the author

Alisa is a reporter for Metaverse Post. She focuses on everything related to investing, AI, metaverse, and Web3. Alisa holds a degree in Art Business and her expertise lies in the fields of art and technology. She developed a passion for journalism through her work with VCs, notable cryptocurrency projects, and science writing. You can contact us at (email protected).

more articles

alice davidson

Alisa is a reporter for Metaverse Post. She focuses on everything related to investing, AI, metaverse, and Web3. Alisa holds a degree in Art Business and her expertise lies in the fields of art and technology. She developed a passion for journalism through her work with VCs, notable cryptocurrency projects, and science writing. You can contact us at (email protected).

more articles

You might also like More from author