The FBI investigated the attacks for over six months with help from the National Cryptocurrency Enforcement Team, the U.S. Attorney’s Offices of California, and the District of Columbia.
Working similarly with other hacking gangs, BlueNoroff uses fake websites and mimics popular VC firms and financial institutions to scam victims in Europe and the Far East, particularly in Japan.
An investigation by cybersecurity firm Slowmist revealed that the North Korean hackers are working with bad actors from Eastern Europe to steal NFTs using decoy websites.
The latest threat saw the North Korean-linked hackers target digital asset investment companies on Telegram by joining investment groups on the chat platforms, according to Microsoft.
Law enforcement authorities in Japan have published a public attribution statement claiming Lazarus has been mainly using phishing tactics to target digital asset business in Japan.
OFAC said that The Lazarus Group used Tornado Cash to launder and steal digital currencies. The Treasury Department would also continue to pursue mixers laundering "virtual currency for criminals."
According to Elliptic, the methods used by the hackers in carrying out the hack and laundering the funds are reminiscent of other incidents that have been linked to the Lazarus Group.
BSV Blockchain launched an online platform in China called the "CSDN Blockchain Engineer Qualification program," which aims to help bitcoin beginners learn how to store data in a Bitcoin network.
The U.S. Treasury connected the theft to the North Korean hacker group Lazarus Group it also added the related Ethereum address to its sanctions list.
The hackers launched at least seven attacks targeting exchanges and investment firms and laundered the money through an intricate web of DEXes and mixers.
The team of hackers is reportedly controlled by Bureau 121, the division with responsibility for cyber warfare in the rogue state.