Blockchain security firm Match Systems has revealed the existence of an individual tied to a cryptocurrency laundering operation, offering stolen tokens from notable exchange hacks. Through investigations conducted in the summer of 2023, Match Systems identified this individual, who is reportedly selling stolen cryptocurrency tokens via peer-to-peer transfers.
A message from the seller advertising stolen tokens linked to the CoinEx and Stake hacks. Source: Match Systems
How it Works
The investigators made contact with the individual on Telegram and confirmed that the individual controlled an address containing over $6 million worth of cryptocurrencies. Transactions involving stolen assets were facilitated through a Telegram bot, which offered a 3% discount off the token’s market price. The user announced the availability of new tokens for sale, suggesting a possible connection to the companies CoinEx or Stake.
Identity Concealed but Location Narrowed Down
While the individual’s full identity remains concealed, Match Systems has narrowed down their location to the European time zone based on received screenshots and conversation timings. It is believed that this individual is associated with the core hacking team, possibly having been de-anonymized as a form of guarantee against misuse of the stolen assets.
The individual displayed erratic behavior during interactions, often leaving abruptly with excuses like “Sorry, I must go; my mom is calling me to dinner.” They consistently offered a 3% discount and used Bitcoin as a means of payment for the stolen tokens. The suspect had previously sold $6 million worth of TRON (TRX) tokens and is currently advertising $50 million worth of TRX, Ether (ETH), and Binance Smart Chain (BSC) tokens.
Differing Modus Operandi
Match Systems’ analysis suggests that the CoinEx and Stake hacks showed slightly different methodological identifiers from previous Lazarus Group hacks. Notably, recent incidents involved laundering funds in Commonwealth of Independent States (CIS) nations like Russia and Ukraine, unlike past Lazarus Group operations. The recent hacks also left more digital breadcrumbs, with social engineering being a prominent attack vector.
A Glimpse into North Korean Hackers
At the end of September 2023, blockchain data indicated that North Korean hackers had stolen approximately $47 million worth of cryptocurrency this year, including $42.5 million in BTC and $1.9 million in ETH. These incidents continue to shed light on the evolving tactics of cybercriminals in the cryptocurrency space.