Lazarus Group Links Two Major Exploits Through Bitcoin Consolidation Pattern

Published by James Harris on


What You Need to Know

  • Lazarus Group allegedly stole hundreds of millions of dollars across two separate crypto exploits in April and June.
  • Blockchain analysts traced stolen ETH and rsETH merging into unified Bitcoin wallets before routing through mixers.
  • KelpDAO attackers compromised LayerZero RPC nodes, launched DDoS attacks, and manipulated the bridge contract to release tokens.
  • The Humanity Protocol breach involved phishing a company director, installing malware, and stealing MetaMask keys from the infected machine.

On-chain analysis has confirmed what investigators already suspected: the proceeds from two separate crypto exploits totaling hundreds of millions of dollars are flowing into the same wallets, with the fingerprints pointing firmly toward North Korea’s Lazarus Group.

Blockchain analysts Specter and ZachXBT traced 15,403 ETH stolen in the June Humanity Protocol private key theft moving to a fresh Ethereum address before crossing onto Bitcoin, where the funds merged with proceeds from the April KelpDAO bridge exploit. The KelpDAO attack itself was technically sophisticated: attackers compromised internal RPC nodes operated by LayerZero Labs, launched a simultaneous DDoS against external nodes, and tricked the Ethereum bridge contract into releasing 116,500 rsETH without burning the corresponding tokens on the source chain. Consolidating proceeds from separate operations into unified Bitcoin wallets before routing through mixers is a documented Lazarus playbook, and seeing it applied across two structurally different attacks, one a bridge manipulation, the other a phishing-enabled private key theft, confirms the group is running parallel operation tracks rather than one-off opportunistic hits.
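To make the consolidation signal concrete, the following added example (not from the article and not the analysts' tooling) follows funds forward from two theft addresses over a constructed transfer list and reports the addresses that sit downstream of both. Every address label, the hop limit, and the reachability-only model are assumptions; real tracing also weighs amounts and timing.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, receiver, asset); all addresses are made-up labels.
TRANSFERS = [
    ("humanity_theft", "eth_fresh_1", "ETH"),
    ("eth_fresh_1", "btc_hop_a", "BTC"),   # cross-chain hop onto Bitcoin
    ("kelp_exploit", "eth_swap_1", "rsETH"),
    ("eth_swap_1", "btc_hop_b", "BTC"),
    ("btc_hop_a", "btc_merge", "BTC"),
    ("btc_hop_b", "btc_merge", "BTC"),     # both trails land in one wallet
    ("btc_merge", "mixer_in", "BTC"),
    ("unrelated_user", "exchange_hot", "BTC"),
]

def reachable(transfers, source, max_hops=6):
    """Return {address: hop count} for every address downstream of source."""
    graph = defaultdict(set)
    for sender, receiver, _asset in transfers:
        graph[sender].add(receiver)
    seen = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if seen[node] == max_hops:
            continue  # hop budget spent; do not expand further
        for nxt in graph[node]:
            if nxt not in seen:
                seen[nxt] = seen[node] + 1
                queue.append(nxt)
    return seen

def consolidation_points(transfers, source_a, source_b, max_hops=6):
    """Addresses downstream of both sources, earliest merge first."""
    a = reachable(transfers, source_a, max_hops)
    b = reachable(transfers, source_b, max_hops)
    shared = (set(a) & set(b)) - {source_a, source_b}
    return sorted(shared, key=lambda addr: (max(a[addr], b[addr]), addr))

if __name__ == "__main__":
    for addr in consolidation_points(TRANSFERS, "humanity_theft", "kelp_exploit"):
        print("shared downstream address:", addr)
```

The first address in the result is the earliest point at which the two trails meet, which is where an analyst would start looking for shared control.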

The Humanity Protocol breach is the more unsettling of the two: a company director was phished via an email impersonating Bithumb, malware gave the attacker remote desktop access, and MetaMask keys were copied directly from the machine.

The legal layer here is genuinely complicated. Plaintiffs already hold over $877 million in unpaid U.S. court judgments against North Korea, and in April they served Arbitrum DAO with a restraining notice seeking to seize roughly 30,766 ETH of frozen KelpDAO funds, arguing that any assets linked to Pyongyang fall under their claim. A court subsequently approved an Arbitrum governance vote to move those frozen funds into a recovery initiative backed by Aave Labs, KelpDAO, LayerZero, EtherFi, and Compound, which would compensate affected users directly. With on-chain evidence now more explicitly tying the Humanity Protocol theft to the same Lazarus pipeline, the plaintiffs have fresh grounds to extend their legal reach to that recovery process as well.

The Arbitrum Security Council’s freeze of over 30,000 ETH and KelpDAO’s emergency pause reportedly prevented an additional $95 million from being drained during the original attack, which means the governance and recovery mechanics worked better than they usually do in these situations. Whether that infrastructure can survive a protracted legal dispute with judgment creditors claiming North Korean nexus is a different question entirely, and one that no DeFi recovery playbook has had to answer before.
