Chainalysis reports that Lazarus switched to YoMix following sanctions against the Sinbad mixer

Chainalysis reported that North Korea’s Lazarus cyber group has adopted YoMix instead of the sanctioned Sinbad mixer.

Chainalysis reported on Thursday that North Korean hackers are increasingly utilizing cross-chain bridges and adopting novel money laundering methods.

Known for the compromises of numerous crypto protocols and companies, including Harmony, Coincheck, and Atomic Wallet, the Lazarus Group continues to be one of the most prolific attackers in the industry. According to Chainalysis, the organization has transitioned from utilizing the Tornado Cash mixing protocol and the Sinbad mixer to a new mixer known as YoMix.

According to Chainalysis, inflows of funds to YoMix increased fivefold in 2023, with approximately one-third originating from wallets linked to cryptocurrency breaches.

“Lazarus Group’s adoption of YoMix serves as a notable illustration of how cunning actors can adjust and procure substitute obfuscation services in the event that previously well-liked ones cease operations,” the report states.

Chainalysis additionally reported that Lazarus has been employing cross-chain bridges. In recent years, bridging protocols have gained considerable traction among cybercriminals. In 2023, bridges received cryptocurrency worth $743.8 million from addresses associated with criminal activities, which is double the amount they received in 2022 ($312.2 million).

“Hackers with ties to North Korea have been among the most active users of bridges for money laundering,” according to Chainalysis.

Blockchain wallets associated with illegal activities transferred $22.2 billion worth of cryptocurrency to exchanges, mixers, and DeFi platforms, among others, in 2023, according to Chainalysis. These platforms and services enable the concealment of the funds’ origins. That figure is significantly less than the $31.5 billion recorded in 2022.

The blockchain analysis firm found that mixers are becoming less popular among cybercriminals as a whole. They received $504.3 million worth of cryptocurrency from addresses associated with criminal activities in 2023, down from $1 billion in 2022.

Chainalysis reported that centralized exchanges have continued to be the primary destination for illicit funds for the past five years. According to the firm, a mere five centralized platforms processed 71.7% of all illicit services in 2023. In 2023, 109 exchange deposit addresses received illicit cryptocurrencies worth more than $10 million each, for a total of $3.4 billion, according to Chainalysis data.

“Although this still signifies a substantial concentration,” the report states, “in 2022, a mere 40 addresses received illicit cryptocurrencies worth more than $10 million, for a total of just under $2 billion.”

Chainalysis noted that this degree of concentration varies across classes of cybercrime. For example, vendors specializing in child sexual exploitation materials and ransomware exhibit a notable level of concentration, with more than 50% of all funds directed to a mere seven deposit addresses. In contrast, darknet vendors and online fraudsters employ a greater variety of deposit addresses to conceal their illicit funds.

February 15, 2024