Blockchain investigator ZachXBT has revealed that funds stolen in recent crypto hacks—believed to be linked to the North Korean Lazarus Group—have been successfully laundered through illicit networks and unregulated over-the-counter (OTC) brokers.
These intermediaries specialize in moving large sums of stolen cryptocurrency with minimal traceability, exploiting weak KYC/AML enforcement in certain regions and platforms.
Laundered Funds Through Tron Network-Based “Black U” Market
A significant portion of this laundering activity has been traced to the Tron blockchain, where a shadowy marketplace known as the “Black U” is believed to operate.
According to ZachXBT’s estimates, the Black U market could be worth between $5 billion to $10 billion, making it one of the largest unregulated crypto laundering operations globally.
The market facilitates peer-to-peer trading of stolen or illicit crypto, primarily using USDT on Tron, which has become popular due to its low fees and fast settlement.
What’s particularly concerning is that most of the funds processed through Black U remain untraceable by current blockchain analytics tools, creating a serious blind spot for law enforcement and compliance teams.
These revelations underscore the growing sophistication of crypto laundering operations and the urgent need for stronger regulation, enhanced cross-border cooperation, and improved surveillance tools to curb the flow of illicit digital assets through networks like Tron.
Also Read: US Officials Seize $7.7M In Crypto From North Korean Hackers Posing As IT Freelancers
Lazarus Group Uses Advanced Tactics to Launder Stolen Crypto
The North Korean Lazarus Group has been laundering stolen crypto for years using increasingly sophisticated tactics.
After carrying out high-profile hacks—often targeting DeFi platforms, centralized exchanges, and cross-chain bridges—the group quickly moves funds through mixers like Tornado Cash or bridges assets across multiple blockchains to obscure their origin.
They frequently convert stolen tokens into stablecoins like USDT on fast, low-cost networks such as Tron. From there, the funds are funneled through illicit OTC brokers and peer-to-peer markets, bypassing traditional compliance checks.
These methods help them evade detection while funding North Korea’s sanctioned weapons programs.
Despite global efforts, much of their laundering activity remains untraceable, highlighting the challenge of enforcing anti-money laundering (AML) rules in decentralized and under-regulated crypto ecosystems.
North Korea Launders Crypto to Evade Sanctions and Fund Weapons Programs
North Korea launders cryptocurrency primarily to fund its weapons programs and evade international sanctions.
Due to severe economic restrictions, the regime has turned to cybercrime—especially hacking crypto platforms—as a critical revenue source.
Stolen digital assets are laundered through mixers, decentralized exchanges, and unregulated OTC brokers to hide their origin. These tactics allow North Korea to bypass traditional financial systems and access hard currency without detection.
Cryptocurrency offers speed, borderless access, and anonymity, making it an ideal tool for rogue states to finance prohibited activities.
Despite increased scrutiny, the regime continues exploiting vulnerabilities in the global crypto ecosystem to sustain its illicit operations.