Blockchain analytics investigators have uncovered an individual involved in a cryptocurrency laundering operation that is selling tokens stolen in recent high-profile exchange hacks at discounted prices. The investigators, from blockchain security firm Match Systems, have been conducting investigations into major breaches that occurred during the summer months of 2023. These investigations have led them to an individual who is allegedly selling stolen cryptocurrency tokens via peer-to-peer transfers.
In an interview with Cointelegraph, a representative from Match Systems provided exclusive information about their findings. The investigators were able to identify and make contact with an individual on Telegram who was offering stolen assets. After receiving a small transaction from the corresponding address, the team confirmed that the user was in control of an address containing over $6 million worth of cryptocurrencies.
To facilitate the exchange of stolen assets, the individual used a specially created Telegram bot that offered a 3% discount off the token’s market price. The Match Systems team had conversations with the owner of the address, who reported that the initial assets on offer had been sold and that new tokens would be available in about three weeks.
Although the investigators have been unable to fully identify the individual, they have narrowed down their location to the European time zone based on screenshots and the timings of conversations. They believe that the individual is not part of the core team behind the hacks but is associated with them, potentially having been de-anonymized to ensure the assets are not misused. The individual also displayed unstable and erratic behavior during interactions, abruptly leaving conversations with excuses like having to go to dinner when prompted for more information.
Match Systems revealed that the individual accepted Bitcoin (BTC) as payment for the discounted stolen tokens and had previously sold $6 million worth of TRON (TRX) tokens. The latest offering from the Telegram user includes $50 million worth of TRX, Ether (ETH), and Binance Smart Chain (BSC) tokens.
Previous reports from blockchain security firm CertiK and the FBI have implicated North Korean Lazarus Group hackers in the Stake and CoinEx hacks. However, Match Systems’ analysis suggests that the CoinEx and Stake hacks had slightly different identifiers in methodology. While previous Lazarus Group laundering efforts did not involve Commonwealth of Independent States (CIS) nations like Russia and Ukraine, the 2023 summer hacks saw stolen funds being actively laundered in these jurisdictions.
The recent incidents have left more breadcrumbs for investigators than previous Lazarus Group attacks. Social engineering has been identified as a key attack vector in the summer hacks, while the Lazarus Group primarily targeted mathematical vulnerabilities. Additionally, the laundering methods have differed: Lazarus hackers typically used Tornado Cash, while the recent incidents involved protocols like Sinbad and Wasabi. However, there are still significant similarities, such as the use of BTC wallets as the primary repository for stolen assets and the use of the Avalanche Bridge and mixers for token laundering.
According to blockchain data reviewed at the end of September 2023, North Korean hackers have stolen an estimated $47 million worth of cryptocurrency this year, including $42.5 million in BTC and $1.9 million in ETH.
The investigation conducted by Match Systems highlights the ongoing challenge of combating cryptocurrency laundering operations. As hackers continue to target exchanges and steal valuable assets, it is crucial for security firms, law enforcement agencies, and the cryptocurrency community to work together to prevent and detect such crimes. Efforts to enhance security measures, educate users, and track stolen funds are essential in maintaining the integrity of, and trust in, the cryptocurrency ecosystem.