Crypto investigator ZachXBT noted that illicit laundering networks and small OTC brokers have successfully laundered funds stolen in several recent hacks linked to the Lazarus Group. He estimates the Black U market on Tron is no less than $5-$10B and largely unattributed.
The crypto trader also noted that many crypto exchanges sit and watch, collecting fees and doing nothing when more than 50% of the activity for their protocol comes from stolen funds. He believes that abuse in the crypto industry increased after politicians launched memecoins and numerous court cases were dropped, which further enabled the behavior.
Crypto sector sees surge in illicit laundering
ZachXBT believes there’s never been a worse time to do black hat (phishing, social engineering, robberies) versus gray hat hacks when the current environment is favorable. Hydra, the largest darknet marketplace in the world, previously facilitated over $5 billion in illegal transactions, primarily in BTC and Monero.
Criminals used to buy and sell illicit goods, then laundered proceeds through crypto exchanges in jurisdictions with weak AML laws, privacy wallets, and OTC (over-the-counter) brokers.
In 2016, hackers stole nearly 120K Bitcoin (worth $4.5 billion today) from the Bitfinex cryptocurrency exchange. The funds were moved across multiple wallets and laundered through various methods over several years, including chain hopping, crypto mixers, P2P platforms, and small VASPs.
In March 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Chinese nationals involved in laundering stolen crypto from a 2018 cyber attack against a cryptocurrency exchange. Tian Yinyin and Li Jiadong were sanctioned for laundering over $100 million in stolen funds linked to Lazarus Group.
“The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds. The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime.”
– Steven Mnuchin , Former U.S. Secretary of the Treasury
Tom Robinson, co-founder of crypto investigator Elliptic, argued that North Korea is the best at laundering digital assets out of all criminal actors involved in cryptocurrency. Dorit Dor from the cyber security company Check Point said North Korea managed to create a successful industry for hacking and laundering through its closed system and closed economy. He also believes that a big problem is that not all crypto companies are as willing to help as others.
In February, the group hacked one of ByBit’s suppliers to secretly alter the digital wallet address for a transfer of 401,000 Ethereum. Crypto exchange eXch was accused by ByBit and others of not stopping criminals from cashing out more than $90 million through the platform.
Ari Redbord, global head of policy at TRM Labs, said that what sets the group’s ByBit hack apart is the pace of post-hack laundering. Redbord revealed that within two days of the attack, the group funneled $160 million through illicit channels. He also argued that the shift raised alarming questions about whether North Korea expanded its laundering capacity because criminal financial networks have never moved that quickly to process funds.
DOJ files civil forfeiture complaint against North Korean government
On June 5, the U.S. Department of Justice filed a civil forfeiture complaint in the U.S. District Court for the District of Columbia, targeting over $7.7M in digital assets, NFTs , and cryptocurrency linked to a global laundering scheme directed by North Korea. The complaint revealed that the assets represent the proceeds of wire fraud and money laundering offenses conducted by North Korean nationals acting under the direction of the Foreign Trade Bank and Ministry of Defense.
The department noted that the action focused on deploying North Korean IT workers abroad — primarily in China, Russia, and UAE — who used falsified identities to gain employment at U.S. and foreign tech firms. According to the civil complaint, payments made to the individuals, often in USDC and USDT, were allegedly routed through laundering networks and ultimately transferred to wallets controlled by sanctioned Democratic People’s Republic of Korea (DPRK) entities.
Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More
