
How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020–2023
Table of contents: 1). Introduction 2). CoinBerry, Unibright, & CoinMetro hacks 3). Nexus Mutual founder hack 4). EasyFi hack 5). Bondly hack 6). Unreported hacks 7). MGNR and PolyPlay hacks 8). bZx hack 9). Steadefi and CoinShift hacks 10). Paxful and Noones accounts 11). Investigation results 12). Other Incidents 13). Acknowledgments

Introduction
Bluenoroff or APT38, more commonly referred to as Lazarus Group, is a threat group which has been tied to the North Korean government since as early as...

Loyalist: $4m stolen from over 400 victims
Background
Since early 2022 Loyalist / Lukas / Shibango has stolen an estimated $4m+ worth of crypto and NFTs through running phishing scams on Twitter and by collaborating with other known phishing scammers.

July 2022
On July 25 2022 multiple people fell victim to an ENS domain phishing site prompting people to grant approvals to 0xe55 and lose 10 NFTs. This address had been freshly funded by 0x908 earlier that day. Prior to then 0x908 had deposited 100,000 DAI into Tornado Cash.

Source: Peckshi...

Gone phishing for $5m
Background
Since late 2021 a scammer known as Elliot / Chinese / Devil has stolen $5m+ worth of crypto and NFTs through phishing scams and an NFT rug pull project.

October 2021 — Crazy Lemur Club
On Oct 10 2021 the NFT collection Crazy Lemur Club (CLC) launched with a total supply of 5,000 NFTs created by the anonymous team “Cat” & “Dog”. CLC advertised utility such as “exclusive metaverse access, arcade games, and a community DAO” but on November 5 2021 CLC made its last Tweet ever with the webs...

Tracking down Discord & Twitter phishing scammers
Since December 2021 we’ve seen 600+ Discord servers compromised & 12+ NFT related Twitter accounts hacked as well. This has resulted in millions of dollars being stolen. Welcome to part 2 of tracking down the people responsible. As a TLDR to those who missed the first part of the investigation, I uncovered that Cam (who previously SIM swapped $37m), sold Twitter panel access to scammers known as HZ & Popbob enabling them to hack 12+ NFT Twitter accounts.

Safe to say horror (HZ/Chase) was not t...

Canadian Teen SIM Swaps for $37m and is now allegedly responsible for multiple Twitter hacks.
Cameron Redman is the alleged person responsible for the hacked NFT Twitter accounts over the past few months. Does the name ring any bells? Well it should bc in February 2020 he SIM swapped a single person for $37 million worth of Bitcoin & Bitcoin Cash.

On February 22, 2020 Josh Jones was sim swapped for ~60k BCH & 1547 BTC
BCH victim address: qzumak2rvxksjgkjuxe2fe5jxatktlsnhy5sthr5p7
BTC victim address 1: bc1qd0hveqwqu9h3x8flfq560hlyk9mptf3j2p89gg
BTC victim address 2: bc1qrwhh74sv88gzq6qgpz5u...
