Here is how Lazarus launders stolen cryptocurrency, explained step by step:
---
🧠 Lazarus Group Money Laundering Strategy
1. Attack and Fund Theft
Lazarus hacks DeFi projects and exchanges:
Ronin Network (Axie Infinity): $625 million (2022)
Harmony Horizon Bridge: $100 million (2022)
Atomic Wallet, CoinEx, Poloniex, etc. (2023–2024)
They exploit smart contract vulnerabilities, phish employees, or gain control of private keys.
---
2. Split and Layering
Stolen funds (in ETH, USDT, etc.) are immediately split across hundreds to thousands of wallets.
These wallets are used to complicate the tracking of fund flows.
---
3. Laundering via Tornado Cash
Tornado Cash is a mixer on the Ethereum network that obscures the origins of transactions.
Lazarus sends funds to Tornado in small incremental amounts (5–100 ETH) to avoid detection.
After entering Tornado, the funds exit to a new wallet that is not directly connected to the stolen wallet.
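From the tracing side, steps 2 and 3 leave a recognizable shape: wallets that fan out to many recipients, then deposits into a labelled mixer. The sketch below is an added example, not from the original post. The transfer list, wallet names, thresholds and the trace function are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample transfers: (sender, receiver, amount in ETH). All names are made up.
TRANSFERS = [
    ("theft_wallet", "w1", 300.0), ("theft_wallet", "w2", 300.0),
    ("theft_wallet", "w3", 400.0),
    ("w1", "w1a", 100.0), ("w1", "w1b", 100.0), ("w1", "w1c", 100.0),
    ("w1a", "mixer", 100.0), ("w1b", "mixer", 50.0), ("w2", "mixer", 100.0),
    ("w3", "exchange_x", 400.0),
    ("bystander", "mixer", 10.0),  # unrelated mixer user, must not be tainted
]
MIXER_LABELS = {"mixer"}  # assumption: addresses already labelled as a mixer


def trace(transfers, source, mixers, fanout_threshold=3, max_hops=4):
    """Follow funds forward from `source`; report splitters and mixer deposits."""
    out_edges = defaultdict(list)
    for sender, receiver, amount in transfers:
        out_edges[sender].append((receiver, amount))

    hops = {source: 0}       # wallet -> distance from the theft wallet
    mixer_deposits = []      # (depositing wallet, amount)
    queue = deque([source])
    while queue:
        wallet = queue.popleft()
        if hops[wallet] >= max_hops:
            continue
        for receiver, amount in out_edges[wallet]:
            if receiver in mixers:
                # The on-chain link ends here; record the deposit for review.
                mixer_deposits.append((wallet, amount))
            elif receiver not in hops:
                hops[receiver] = hops[wallet] + 1
                queue.append(receiver)

    # A traced wallet paying many distinct recipients matches the splitting step.
    splitters = sorted(
        w for w in hops
        if len({r for r, _ in out_edges[w]}) >= fanout_threshold
    )
    return {
        "hops": hops,
        "splitters": splitters,
        "mixer_deposits": sorted(mixer_deposits),
        "mixer_total": sum(a for _, a in mixer_deposits),
    }


if __name__ == "__main__":
    print(trace(TRANSFERS, "theft_wallet", MIXER_LABELS))
```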
---
4. Cross-chain Bridging
They use bridges like THORChain or Avalanche Bridge to move funds across blockchains (Ethereum → Bitcoin → Tron).
The goal: to obscure the trail and avoid being blocked.
---
5. Conversion to Stablecoin
Assets are converted to stablecoins (USDT, USDC) via DEXs or the OTC market.
USDT is often used because it is easier to transfer quickly.
---
6. Withdrawal Through CEX with Loose KYC
Lazarus chooses small or regional exchanges in Asia (sometimes using fake identities) to withdraw the funds as fiat.
They can also use third parties (mules) to withdraw funds physically.
---
7. Use of Funds for State Operations
According to reports from the UN and Chainalysis, stolen funds are used for:
Nuclear and weapons programs in North Korea.
The costs of cyber intelligence operations.
Purchasing real-world assets (equipment, software, etc.).