Crypto laundering evolves with Lazarus Group’s bridge tactics


Cryptocurrencies have introduced a new frontier for money laundering, challenging the traditional methods used to disguise the illegal origins of funds. At the heart of this challenge is blockchain technology, which, with its transparent ledger, makes every transaction visible to the public. Despite this transparency, criminals creatively attempt to obfuscate the trace of their funds, aiming to convert their illicitly obtained cryptocurrencies into fiat currency undetected.

The “2024 Crypto Crime Money Laundering Report” from Chainalysis highlights a notable evolution in the tactics employed by these individuals, reflecting broader shifts in the landscape of digital financial crime. This analysis not only underscores the adaptability of criminals to technological advancements but also marks the ongoing battle between these illicit actors and regulatory efforts to curb money laundering in the digital age.

Cryptocurrency laundering decreases

Chainalysis’s updated findings reveal a significant shift in cryptocurrency transactions linked to illicit activities in 2023. Illicit addresses transferred $22.2 billion of cryptocurrency to various services, a notable reduction from $31.5 billion in 2022. This decline exceeds the overall decrease in transactional volume, with money laundering activities dropping by 29.5% against a 14.9% fall in total transaction volume. This discrepancy suggests that factors beyond mere transactional slowdowns are at play in the reduction of cryptocurrency laundering.

Total cryptocurrency laundered by year from 2019-2023 – Source: Chainalysis

The decline in cryptocurrency laundering can be attributed to multiple factors, with a significant impact stemming from U.S. authorities’ aggressive crackdown on crypto mixers. These services, known for blending illicit funds to obscure their origins, have faced heightened prosecution, significantly curtailing their operations in the laundering ecosystem.

Mixer activity drops

The shutdown of Tornado Cash on Aug. 8, 2022, marked a turning point for the crypto mixer industry, foreshadowing further actions such as the closure of Sinbad by U.S. authorities on Nov. 29, 2023. These crackdowns have significantly impacted cryptocurrency launderers reliant on mixers to disguise the origins of illicit funds. The Chainalysis report highlights a sharp decline in funds sent to mixers from illicit addresses, falling from $1.0 billion in 2022 to $504.3 million in 2023.

Total illicit value moving to mixers 2019-2023 – Source: Chainalysis

Despite U.S. efforts to disrupt cryptocurrency laundering and the closure of Sinbad, the Lazarus Group, a North Korean hacker collective with ties to its government, has swiftly adapted: according to the report, the group has been receiving funds via YoMix since January 2024.

YoMix’s activity surged fivefold throughout 2023, with about one-third of its inflows traced back to wallets linked to cryptocurrency hacks. This Chainalysis data underscores cybercriminals’ persistent adaptability in response to regulatory pressures.

Quarterly indexed growth of funds sent to YoMix in 2023 – Source: Chainalysis

Despite a contraction in illicit services, Chainalysis notes a shift in the laundering landscape: an increasing portion of illicit cryptocurrency funds is now flowing into decentralized finance (DeFi) protocols. The report specifically points to a rise in funds directed toward gambling services and bridge protocols, indicating evolving strategies by those seeking to obscure the origins of illicit funds.

Cross-chain bridges popular with crypto criminals

Crypto criminals consistently favor centralized exchanges (CEX) to funnel illicit funds, even as their tactics evolve, highlighting a steady preference in their laundering approaches.

Destination of funds leaving illicit wallets from 2019-2023 – Source: Chainalysis

While the increase in illicit funds moving through cross-chain bridges in 2023 might appear modest compared to centralized exchanges (CEX), isolating the data reveals a significant uptick in their use for illicit transfers.

Total illicit value moving to bridges from 2019-2023 – Source: Chainalysis

Using centralized exchanges (CEX) poses a risk for crypto criminals, as authorities or the exchanges can freeze illicit funds. In contrast, decentralized protocols and exchanges lack such controls, offering criminals fewer obstacles. Despite this, on-chain analysts can still trace fund movements through DeFi protocols, a task that is more challenging with centralized services.

Chainalysis’s study identifies a distinct trend: an increasing volume of stolen funds is being redirected to cross-chain bridges, marking them as a new preferred destination for illicit activities.

Change in money laundering services used by crime category from 2022-2023 – Source: Chainalysis

Speaking exclusively to Cointelegraph, Kim Grauer, Director of Research at Chainalysis, highlighted that Avalanche and THORChain are notably prevalent blockchains for illicit activities, according to their latest data. The utility of cross-chain bridges, which facilitate the transfer of funds across different blockchains, is increasingly leveraged by crypto criminals to obscure their laundering efforts. 

This strategy enables them to disperse illicit funds over a broader array of services and deposit addresses, complicating detection efforts by law enforcement and compliance teams at exchanges. Furthermore, spreading assets across multiple addresses aims to mitigate risks associated with any single address being frozen due to suspicious activities.

Can cross-chain bridges avoid activity from illicit funds or Lazarus Group as a client?

Cross-chain bridges, which operate via smart contracts, theoretically have the capability to block funds from sanctioned organizations like the Lazarus Group by implementing blacklists. Grauer explained that such a mechanism is not just theoretical: The Office of Foreign Assets Control (OFAC) has already curated a list of sanctioned wallet addresses, which crypto companies are using to prevent these wallets from engaging in transactions through their platforms. She emphasized the expectation for service providers to actively identify and deter potential illicit activities, including money laundering.

Moreover, she suggests that bridge developers and operators could use blockchain analysis tools to detect and prevent misuse by illicit actors. Failure to adopt such preventive measures poses a risk, especially for bridges frequently utilized by entities like the Lazarus Group. Continuing this trend could necessitate the adoption of stricter regulatory measures by bridges to avoid outcomes similar to those of Sinbad or Tornado Cash.
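
The screening step described above, sketched as an added example (not code from Chainalysis, OFAC or any bridge). It assumes EVM-style addresses, a constructed placeholder denylist, and a hypothetical upstream tracing step that supplies the addresses that funded the sender one hop back.

```python
import re

# Constructed placeholder denylist: NOT real sanctioned wallets.
SANCTIONED = {
    "0x" + "aa" * 20,
    "0x" + "BB" * 20,   # mixed case on purpose: published lists vary in casing
}

_ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize(addr):
    """Return the canonical lowercase form of an EVM address, or None if malformed."""
    addr = addr.strip()
    if not _ADDR_RE.match(addr):
        return None
    return addr.lower()


def screen_deposit(sender, funders, denylist=SANCTIONED):
    """Decide whether a bridge front end should accept a deposit.

    sender  -- address submitting the deposit
    funders -- addresses that funded the sender (one hop back), supplied by a
               hypothetical upstream tracing step
    Returns (decision, reason); decision is "block", "review" or "allow".
    """
    # Normalize the list itself so a casing difference cannot cause a miss.
    deny = {n for n in (normalize(a) for a in denylist) if n is not None}

    s = normalize(sender)
    if s is None:
        # Fail closed: an address that cannot be parsed cannot be screened.
        return ("block", "malformed sender address")
    if s in deny:
        return ("block", "sender on denylist")

    # Funds are often spread over fresh addresses, so an exact match on the
    # sender alone is not enough; direct funding by a listed address is
    # escalated for manual review rather than silently allowed.
    hits = sorted({n for n in (normalize(f) for f in funders) if n in deny})
    if hits:
        return ("review", "funded by listed address " + hits[0])
    return ("allow", "no match")
```

An exact-match list only catches addresses already published; the one-hop check is the simplest form of the exposure analysis that blockchain analysis tools perform at greater depth.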