Chainalysis disclosed that YoMix, a Bitcoin aggregator, has compelled the North Korean Lazarus Group to reestablish operations in the wake of sanctions against Tornado Cash and the closure of Sinbad for similar actions against the platform.
A wallet previously associated with North Korean cyber operations began receiving funds from Sinbad; however, recent findings by the blockchain analysis firm indicate that the wallet now receives funds from YoMix.
The prominent blockchain analytics company Chainalysis disclosed on Thursday, in a report, that North Korean hackers affiliated with the infamous Lazarus Group have transitioned to utilizing innovative methods of money laundering and are progressively employing cross-chain bridges to obscure the provenance of unlawfully acquired cryptocurrency funds.
Historically, the Lazarus Group, a notorious organization recognized for its participation in multiple breaches that compromised cryptocurrency companies and protocols including Atomic Wallet, Coincheck, and Harmony, among others, utilized services such as the Sinbad mixer and the Tornado Cash mixing protocol. Chainalysis reports, nevertheless, that the collective has since migrated to YoMix, an alternative blending platform.
Chainalysis observed a substantial escalation in the inflow of funds into YoMix over the course of 2023, with daily inflows multiplying by five. Disturbingly, around one-third of these funds originated from wallets linked to cryptocurrency breaches, suggesting that malicious actors heavily relied on the aggregator to obscure the provenance of their funds.
The increase in the utilization of YoMix serves as an illustration of how sophisticated threat actors can adapt to changing security measures and the closure of formerly prevalent channels for money laundering. The increased utilization of YoMix, in conjunction with its endorsement by highly sophisticated cybercriminal organizations, underscores the capacity of these entities to adjust and locate substitute laundering services in the face of regulatory scrutiny.
In addition, Chainalysis identified a transition towards less centralized money laundering practices at the level of the deposit address, despite a minor increase in the concentration of laundering activities at the level of the service. By utilizing a variety of nested services or deposit addresses to evade the detection of law enforcement and exchange compliance teams, this trend indicates that crypto criminals may be diversifying their laundering operations.
Lazarus Group hackers have embraced the use of cross-chain bridges, which facilitate the transfer of cryptocurrencies across distinct blockchain networks, in addition to employing novel mixing protocols. Crossing bridges transferred $743.8 million worth of cryptocurrency from addresses associated with criminal activities in 2023, a doubling from the previous year, according to Chainalysis. This indicates that bridging protocols are gaining popularity among cybercriminals.
Also Read: CEO slams Satoshi Action Fund for challenging the way the EIA works