Russian laundering millions for Lazarus hackers arrested in Argentina

Summary: A 29-year-old Russian national was arrested in Buenos Aires for laundering cryptocurrency linked to North Korean hackers, specifically the Lazarus group. The individual was involved in a complex network of transactions to obscure the origins of over $100 million in stolen funds.

Threat Actor: Lazarus Group
Victim: Various cryptocurrency exchanges and victims of cybercrime

Key Points:

  • Arrested individual laundered funds through crypto exchanges and tumblers, converting them into fiat money.
  • He processed $100 million from the Lazarus group, linked to significant crypto heists including the Harmony Horizon hack.
  • Investigators identified him through blockchain analysis and intelligence from Binance, leading to the seizure of incriminating electronic devices and cryptocurrency wallets.

The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires on charges of money laundering related to cryptocurrency proceeds belonging to the North Korean Lazarus hackers.

The San Isidro Specialized Fiscal Unit in Cybercrime Investigations (UFEIC) collaborated with blockchain analysis firm TRM Labs to identify and locate the individual, despite his use of a complex transaction network spanning multiple blockchains to obfuscate the source of the assets.

The man accepted large amounts of stolen cryptocurrency from multiple actors, including the Lazarus group, distributors of child abuse content, and financiers of terrorism. The suspect laundered the funds through crypto exchanges and tumblers, and then converted the assets into fiat money.

[Figure: Suspect's money laundering process flow. Source: TRM Labs]

According to La Nacion, the arrested individual (V.B.) processed $100 million from the North Korean hackers at some point, referring to the June 2022 Harmony Horizon hack that the FBI attributed to Lazarus in January 2023.

This was one of Lazarus’ largest crypto heists, along with the $625 million stolen from Ronin Network in March 2022 and the $60 million stolen from Alphapo in July 2023.

La Nacion reports that the suspect had set up a money laundering operation in his seventh-floor apartment, where people carrying briefcases, bags, and backpacks were coming and going daily, exchanging currencies and performing cryptocurrency transfers.

Investigations into V.B.’s activities reveal that he purchased over 1.3 million of the USDT stablecoin using Russian rubles and performed 2,463 cryptocurrency transfers via Binance Pay, amounting to over $4.5 million USDT.

Reportedly, the man had been constantly on the move since his arrival in Argentina two years ago, changing apartments every month and successfully evading tracking since November 2023, when the investigations started.

Eventually, using intelligence from Binance, the investigators found the location of the individual.

PFA agents seized from the apartment all electronic devices that could incriminate the suspect, as well as point to other high-profile cybercriminals and their enablers.

Additionally, two cryptocurrency wallets were seized, holding $54,290 each and $15 million in crypto assets linked to the suspect.

Meanwhile, as per the latest available information from Chainalysis, the Lazarus group has turned to a new crypto tumbler service named YoMix to launder its crime proceeds.

Source: https://www.bleepingcomputer.com/news/legal/russian-laundering-millions-for-lazarus-hackers-arrested-in-argentina