Plainbit analyzed two Bitcoin addresses publicly associated with Kimsuky in the June 2023 Korea-US joint advisory and traced their transaction behavior with QLUE. One address received small payments mostly from Upbit-linked sources and later sent change to addresses identified as Lazarus, while downstream funds moved through complex peel-chain patterns involving services such as Bitzlato, WhiteBIT, Paxful, FTX, and F2Pool/discus_fish. The second address received funds from an unidentified cluster, sent one transaction to a Lazarus-identified address, and then moved funds through similarly complex peel chains involving Binance, Bitzlato, Paxful, WhiteBIT, Payeer, Freewallet, LBank, and CoinPayments. The report concludes that the observed flows suggest operational linkage between Kimsuky- and Lazarus-tagged wallets and show DPRK-linked laundering behavior designed to complicate tracing without relying on CoinJoin.