The US Department of Justice has announced that it is seeking to forfeit $2.7 million in cryptocurrency (Tether and Bitcoin) stolen by the North Korean Lazarus Group, with the Tornado Cash mixer appearing among the destinations the funds were routed through. The move underscores the continuing contest between law enforcement and black-hat hackers, who routinely use cryptocurrency services to move the proceeds of their crimes.
The notorious Lazarus Group, believed to be behind numerous high-profile attacks on cryptocurrency platforms, has also been linked to the thefts from Deribit and Stake.com. Those two incidents are the focus of the US government's latest forfeiture action: more than $28 million was taken from Deribit in November 2022 and $41 million from Stake.com in September 2023. According to law enforcement, roughly $1.7 million in Tether (USDT) from the Deribit theft and about $970,000 in Bitcoin (BTC) from the Stake.com theft, the latter having been routed across the Avalanche bridge, were recovered by freezing the funds.
Tracing the funds: from Deribit to Tornado Cash
After stealing from Deribit, the Lazarus Group laundered the funds through Tornado Cash, a privacy-focused coin mixer designed to break the on-chain link between deposits and withdrawals. The hackers then pushed the assets through further hops: the funds were converted into Tether and sent on to Vires Finance by way of Tornado Trees, where they were swapped back into ERC-20 tokens and ultimately into Tron-issued Tether. Investigators were able to follow the money by analysing patterns in the Ethereum wallets connected to the laundered flows, including addresses tied to earlier exploits of cross-chain bridges with similar fund movements.

Five wallets belonging to the hackers were identified, and a total of $1.7 million in USDT was frozen by law enforcement despite the Lazarus Group's efforts to cover its tracks. Although these seizures represent only a small fraction of the $28 million looted, they are a notable win for investigators, who continue to work at tracing stolen cryptocurrency.
The Stake.com hack and the role of mixers
The Lazarus Group struck again in September 2023, breaking into the Stake.com casino and making off with $41 million. The syndicate laundered the stolen funds in two phases: first it converted the money into Bitcoin via the Avalanche Bridge, then it passed the BTC through two Bitcoin mixers, Sinbad and Yonmix, to make its origin harder to trace before converting it into stablecoins such as Tether. Elaborate as this laundering process was, law enforcement still managed to freeze about 0.099 BTC, a drop in the ocean by the standards of most cryptocurrency crime, but a recovery nonetheless.
The use of mixers such as Tornado Cash, Sinbad and Yonmix in these laundering schemes underscores the difficulty authorities face in tracking Bitcoin and other cryptocurrencies as they move across multiple chains. Even so, advances in blockchain forensics have allowed investigators to follow these complex transaction chains and recover at least part of the stolen assets.
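The hop-by-hop tracing described in the two cases above can be illustrated with a small fund-flow tracer. The code below is an added example, not code from the article or from any investigative firm; the ledger, address names and labels are all constructed for illustration, and the model is deliberately simple (account-style transfers only, no UTXO or amount-splitting heuristics). It follows every outgoing transfer from the victim wallet and stops a branch when the funds land at a known mixer, bridge or exchange deposit address, because at a mixer or bridge the on-chain link between deposit and withdrawal is broken, while at a custodial exchange the funds can be frozen on request.

```python
"""Fund-flow tracer over a constructed, labelled transfer ledger (example only)."""
from collections import deque

# Constructed ledger of (sender, receiver, asset, amount). Not real on-chain data.
LEDGER = [
    ("victim_hot", "hop_a", "ETH", 100.0),
    ("hop_a", "hop_b", "ETH", 60.0),
    ("hop_a", "hop_c", "ETH", 40.0),
    ("hop_b", "tornado_100eth", "ETH", 60.0),      # mixer deposit: branch ends here
    ("hop_c", "bridge_in", "ETH", 40.0),            # bridge deposit: branch ends here
    ("hop_c", "dex_swap", "ETH", 0.5),
    ("dex_swap", "hop_d", "USDT", 900.0),
    ("hop_d", "exchange_deposit_1", "USDT", 900.0), # custodial: freezable
    ("unrelated", "hop_b", "ETH", 5.0),             # inbound to a hop; never followed
]

# Hypothetical labels an analyst would attach from attribution work or sanctions lists.
LABELS = {
    "tornado_100eth": "mixer",
    "bridge_in": "bridge",
    "exchange_deposit_1": "exchange",
}
TERMINAL = {"mixer", "bridge", "exchange"}


def build_graph(ledger):
    """Adjacency list of outgoing transfers: sender -> [(receiver, asset, amount)]."""
    graph = {}
    for sender, receiver, asset, amount in ledger:
        graph.setdefault(sender, []).append((receiver, asset, amount))
    return graph


def trace(ledger, source, labels, max_hops=10):
    """Breadth-first walk of outgoing transfers from `source`.

    Returns (endpoints, visited): endpoints is a list of
    (address, label, path, asset, amount) where a branch reached a terminal
    address; visited is the set of intermediate addresses the walk passed
    through. A branch is not extended past a terminal address.
    """
    graph = build_graph(ledger)
    endpoints = []
    visited = {source}
    queue = deque([(source, [source], 0)])
    while queue:
        addr, path, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for receiver, asset, amount in graph.get(addr, []):
            new_path = path + [receiver]
            label = labels.get(receiver)
            if label in TERMINAL:
                endpoints.append((receiver, label, new_path, asset, amount))
                continue  # do not cross the mixer/bridge/exchange boundary
            if receiver not in visited:
                visited.add(receiver)
                queue.append((receiver, new_path, hops + 1))
    return endpoints, visited


def totals_by_label(endpoints):
    """Sum of what reached each kind of terminal, keyed by (label, asset)."""
    totals = {}
    for _, label, _, asset, amount in endpoints:
        totals[(label, asset)] = totals.get((label, asset), 0.0) + amount
    return totals


def freeze_candidates(endpoints):
    """Only custodial exchange deposits can be frozen; mixer/bridge deposits cannot."""
    return [(addr, asset, amount) for addr, label, _, asset, amount in endpoints
            if label == "exchange"]


if __name__ == "__main__":
    ends, seen = trace(LEDGER, "victim_hot", LABELS)
    for addr, label, path, asset, amount in ends:
        print(f"{label:8s} {amount:>8} {asset:4s} via {' -> '.join(path)}")
    print("freezable:", freeze_candidates(ends))
```

In a real investigation the mixer and bridge endpoints are where manual work begins: withdrawals on the far side have to be linked back through timing, amount and behavioural patterns, which is what the article means by following "patterns in the Ethereum wallets".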
Broader implications and outlook
The Lazarus Group has been implicated in a number of other major crypto heists, including the $235 million theft from WazirX in July 2024. Amid growing concern about North Korean hackers using digital currencies to fund their operations, Bitcoin and other cryptocurrencies have been a consistent thread in the group's finances.
While the recovery of $2.7 million in stolen crypto is a laudable achievement, it amounts to only a tiny fraction of the state-sponsored Lazarus Group's wider activity. The group remains active and continues to target cryptocurrency exchanges and services. Bitcoin, as a decentralised network and one of the most widely used cryptocurrencies, is an essential asset for this organisation, which adds to the growing calls for stronger security across the crypto industry.
This move by the US government is further evidence of a growing trend: ongoing international cooperation to combat cybercrime, especially where cryptocurrency is involved. Sophisticated monitoring tools and blockchain analytics let investigators follow the money, but hackers constantly find new ways to launder funds.
Final thoughts
The case is another reminder that Bitcoin and other cryptocurrencies are a double-edged sword: capable of enormous innovation and financial freedom, but also giving bad-faith actors room to exploit them. Tornado Cash is not the first mixer the Lazarus Group has used for obfuscation, and the Bitcoin mixers in the Stake.com case show that Bitcoin remains a fixture of the cybercriminal toolbox. The contest between law enforcement and hackers will likely escalate as authorities develop more sophisticated ways to trace and recover stolen funds, the report said, with Bitcoin at the heart of the fight.