ChainCatcher news, according to on-chain detective ZachXBT, Chinese OTC trader Yicong Wang has helped the Lazarus Group convert tens of millions of stolen cryptocurrencies into cash via bank transfers since 2022.A few months ago, a follower contacted ZachXBT after their trading account was frozen following a P2P transaction with OTC trader Yicong Wang (using aliases such as Seawang, Greatdtrader, and BestRhea977). He then shared one of Yicong Wang's Tron wallet addresses from a WeChat conversation screenshot.When reviewing blockchain data related to Yicong Wang, a high risk of illicit funds was noted from Alex Labs, co-founder of Irys. Alex Labs was hacked by the Lazarus Group in May 2024, resulting in a loss of approximately $4.5 million. An Ethereum address, 948K, which was blacklisted by Tether in August 2024, is also directly related to Yicong. It is evident from on-chain data that he has continued to actively assist the Lazarus Group in recent weeks.

ChainCatcher news, according to the analysis by SlowMist's MistTrack, there is a suspected connection between the Indodax hacker and the BingX hacker, as they used the same address (0x0c74c11443e60e011f884f547729127380ca1992) for money laundering.The Indodax hacker operates on Polygon, while the BingX hacker operates on BSC.SlowMist founder Yu Xian stated: "We have found evidence of connections between the hacking incidents of BingX, Indodax, CoinEx, Alphapo, Stake, etc., all pointing to the North Korean hacker Lazarus Group."Previously, on September 11, the wallet of the Indonesian crypto exchange Indodax conducted over 150 suspicious transactions across different networks, with a total loss of approximately $18.2 million. The suspicious address is exchanging various tokens for Ethereum.Subsequently, on September 20, BingX was attacked, with the estimated total stolen assets exceeding $43 million.

According to ChainCatcher news, as monitored by ZachXBT, as of today, all four stablecoin issuers (Paxful, Tether, Techteryx, Circle) have blacklisted the following two addresses, which are held by the Lazarus Group with 4.96 million dollars. An additional 1.65 million dollars have been frozen across various exchanges, bringing the total amount frozen in this investigation to 6.98 million dollars.

ChainCatcher news, according to Cointelegraph, cybersecurity experts warn that the notorious North Korean hacking group "Lazarus Group" may target the U.S. Bitcoin ETF as a new attack vector. Michael Pearl, Vice President of GTM Strategy at Cyvers, stated that hackers might turn their attention to the U.S. Bitcoin ETF due to the potential for massive returns.According to Dune data, U.S. ETFs currently hold Bitcoin worth $52.1 billion, making it an enticing target for hackers. Pearl warned that not only ETF providers could become targets, but all companies associated with them would also face risks, making ETF vulnerabilities a pressing issue that needs to be addressed quickly, or else a "super hacker" incident could occur.

ChainCatcher news, according to DL News, TRM Labs has disclosed that it assisted Argentine law enforcement in the arrest of a Russian citizen.It is reported that this individual is involved in a multi-million dollar money laundering operation. The 29-year-old suspect accepted cryptocurrency benefits from illegal actors, including the hacker group Lazarus Group. Additionally, the suspect used a Telegram bot to exchange rubles, USDT, euros, and dollars for Argentine pesos. During the arrest, police seized over $120,000 worth of cryptocurrency and an additional $15 million from properties controlled by the suspect.

ChainCatcher news, on-chain detective ZachXBT posted on platform X, analyzing hacker behavior through on-chain data, indicating that the WazirX hacking incident has characteristics of an attack by the hacker organization Lazarus Group. ZachXBT stated: "I hope the WazirX team can publicly share their investigation results. I solved the Arkham bounty issue and discovered the KYC exchange deposits made by the WazirX hacker; unfortunately, this may not be very helpful, as KYC-verified accounts can be easily purchased online for any transactions."

ChainCatcher message, Bitcoin DeFi platform ALEX Lab released a security incident update stating, "There is substantial transaction evidence indicating that this attack is related to the hacker organization Lazarus Group. We are actively collaborating with international law enforcement and cybersecurity experts to address the impact of this attack and recover lost assets. Alex Lab is implementing enhanced security protocols to strengthen the platform's ability to withstand similar threats.As the investigation progresses and recovery efforts continue, Alex Lab will provide regular updates."

ChainCatcher news, ZachXBT stated that between August 2020 and October 2023, the North Korean hacker group Lazarus Group laundered $200 million into fiat currency through more than 25 cryptocurrency hacks.

ChainCatcher message, Slow Mist's Chief Information Security Officer 23pds stated on social media that the North Korean hacker group Lazarus Group has posted a fake Fenbushi Capital member page on LinkedIn, urging users to be cautious and discerning. The Lazarus Group is using the guise of investments and meetings for phishing, which could lead to losses in cryptocurrency assets.

ChainCatcher news, according to Arkham monitoring, the hacker group Lazarus Group extracted $1 million worth of Bitcoin from its mixing pool and sent $150,000 worth of Bitcoin to a previously inactive address.

ChainCatcher news, the on-chain analysis agency X-explore posted on social media stating that it believes the reason for the attack on Poloniex is the leakage of private keys, and the attackers are the Lazarus Group.It is reported that this attack is similar to the attack on Stake.com on September 4, 2023, where hackers stored different tokens in different addresses, with each address handling only one type of token.

According to ChainCatcher news and reported by Yonhap News Agency, over the past year, the North Korean hacker group Lazarus Group has laundered more than $900 million (approximately 1.2 trillion won) in cryptocurrency through cross-chain bridges, accounting for about one-seventh of the total amount laundered through cross-chain bridges in the past year ($7 billion).

ChainCatcher message, ESET security researchers discovered an undocumented backdoor named LightlessCan while analyzing an attack against a Spanish aerospace company. LightlessCan is new malware from the North Korean hacking group Lazarus Group that can now bypass detection, and it has been using a new type of "sophisticated" malware as part of its fake job scheme.

ChainCatcher news, according to Cointelegraph, based on data from 21Shares' parent company 21.co on Dune Analytics, wallets associated with the North Korean hacker group Lazarus Group currently hold digital assets worth approximately $47 million, including $42.5 million in Bitcoin, $1.9 million in Ethereum, $1.1 million in BNB, and $640,000 in stablecoins.

ChainCatcher message, SlowMist found during the analysis of the CoinEx attack incident that the CoinEx hacker may be associated with the North Korean hacker group Lazarus Group, with specific connections as follows:The known Alphapo Exploiter (TDrs...WVjr) exchanged TRX for ETH through TransitSwap and cross-chained to the address (0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d), thus this address is also marked as Alphapo Exploiter on Ethereum;The hacker address 0x22be3b0a943b1bc0ea3aec2cb3ef511f3920a98d is marked as Alphapo Exploiter on Ethereum and as Stake.com Exploiter on BNB Chain, indicating that this address is a shared address;0x75497999432B8701330fB68058bd21918C02Ac59 is marked as CoinEx Exploiter on Arbitrum and OP Mainnet, and as Stake.com Exploiter on Polygon, indicating that this address is a shared address.Since the Stake.com Exploiter has been linked by the FBI to the North Korean hacker group Lazarus Group, it is possible that the Alphapo Exploiter, Stake.com Exploiter, and CoinEx Exploiter are all part of the North Korean hacker group Lazarus Group.

ChainCatcher news, recently, Slow Mist and its partners discovered a large-scale APT attack activity directed at the cryptocurrency industry by the North Korean Lazarus group.It is reported that their attack methods are as follows: first, they impersonate identities, tricking reviewers through real-person authentication to become legitimate customers, and then making real deposits. Under the cover of this customer identity, they then specifically deploy customized Trojans for Mac or Windows targeting official personnel during multiple communication points with officials and customers (attackers). After gaining access, they conduct lateral movement within the internal network, remaining dormant for a long time to achieve the goal of stealing funds.