During the weekend, the notorious North Korean hacking gang Lazarus Group started transferring stolen money in the Harmony Bridge attack. Notably, the organization transferred over $63.5 million, or approximately 41,000 ETH.
On January 16, blockchain detective ZachXBT published information about the transfer of a significant amount of Ethereum. The cryptocurrency assets which originated from Tornado Cash were transferred via Railgun. Railgun is a private smart contract platform that uses zero-knowledge proofs to hide financial transactions.
According to the analyst who followed the trail of more than 350 addresses, some 41,000 ETH worth about $63.5 million were sent through Railgun and deposited on three different exchanges.
1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges. pic.twitter.com/huDumaJeSh
— ZachXBT (@zachxbt) January 15, 2023
Funds Frozen By Binance And Huobi
Binance’s CEO, CZ, tweeted that the exchange had previously uncovered suspicious money transfers from the Harmony One hackers when they attempted to launder money through Binance. As a result, the accounts were frozen by the exchange.
We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi #SAFU!
— CZ Binance (@cz_binance) January 16, 2023
The Group had been keeping its money in Tornado Cash, a service that helps keep people’s identities secret and is used by criminals to launder money in the crypto industry.
The experts followed the funds through more than three hundred addresses. They concluded that Railgun had spread around 41,000 ETH among multiple receivers before the cryptocurrencies were deposited at various exchanges. He did not name the exchanges, but he did say that the Lazarus Group routinely makes rapid withdrawals from such platforms.
Connections Between Lazarus And Harmony’s Attack
Lazarus is now quite skilled at hiding their movements from law enforcement agencies while transferring illegal cryptocurrencies. For example, they were suspected of being behind the attack on Harmony Bridge in June 2022. In-depth information about the attack was published by Elliptic, a blockchain analytics service, at the time it occurred.
Multiple large crypto heists, totaling over $2 billion, have been linked to the Lazarus Group. DeFi and cross-chain bridges became a new target in 2022, and the group was also suspected of being behind the $600 million Ronin Bridge attack.
According to a recent report by cybersecurity firm Kaspersky, another North Korean hacker group BlueNoroff has expanded its illegal activities by posing as venture capitalists looking to invest in cryptocurrency startups.
Kaspersky’s report shows the global attacks by BlueNoroff against cryptocurrency businesses were uncovered in January 2022 but slowed down until the fall.
Theft of cryptocurrency has become a profitable business for North Korean hackers. According to information about their operations, South Korean spying services estimate that over $1.2 billion in cryptocurrency has been stolen from the global community since 2017. In 2022, numerous companies, including FTX, were victims of cyberattacks.
At the time of writing, Bitcoin is trading around $20,800, up 21% in the last week. It is currently trading above its 50-day Simple Moving Average (SMA), which indicates that the price will remain bullish in the short term.
Featured image from Euronews, Chart from Tradingview.com.