North Korean-sponsored hacking collective the Lazarus Group is a TRON whale, according to on-chain data. Moreover, it has been on the rampage recently, raking in illicit gains from crypto platforms.
On September 26, blockchain security firm PeckShield reported that the CoinEx Drainer holds just over 137 million TRX valued at around $11.63 million.
Lazarus Group Holdings Growing
It added that this constitutes 0.154% of the total TRON supply, making it the 66th largest TRX holder. The total supply of TRX is 89 billion, and it has a market capitalization of $7.5 billion.
On September 12, the CoinEx exchange suffered a hack that drained as much as $55 million from the platform. Around a fifth of it was in the Tron native token, TRX. Moreover, the token is currently trading at $0.084, having gained 8% over the past fortnight.
Furthermore, the North Korean hacker group Lazarus was responsible for the attack, according to blockchain security firm SlowMist. CoinEx resumed deposits and withdrawals for selected crypto assets on September 21.
According to a Dune Analytics dashboard from 21 Shares parent 21.co, the Lazarus group currently holds $45.8 million worth of crypto assets.
Its holdings spiked to over $80 million in January and early September, the latter following the $41 million hack of Stake.com.
While it holds a lot of TRX, the majority of Lazarus’ holdings are in Bitcoin. According to Dune, the cybercrime group has around $42 million worth of BTC.
It also holds $640,000 in stablecoins, predominantly Binance USD (BUSD).
According to the Federal Bureau of Investigations, Lazarus stole almost $200 million from Atomic Wallet, Alphapo, and CoinsPaid in June and July.
Researchers have frequently reported that the group has channeled its ill-gotten crypto gains into North Korea’s missile program.
Hacking Rampage Continues
According to crypto security firm Elliptic, there were five Lazarus attacks in 104 days, netting the nefarious group around $240 million.
The firm observed that some of the funds stolen from CoinEx were sent to an address that was used to launder funds stolen from Stake. It also noted a change of tactics this year:
“An analysis of Lazarus’ latest activity suggests that since last year, it has shifted its focus from decentralized services to centralized ones.”
It also reported that the Group prefers to use social engineering as an attack vector. Lazarus malware is used to target employees of centralized crypto providers in sophisticated phishing attacks, it warned.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.