Over the weekend, the notorious North Korean hacking gang Lazarus Group started transferring money stolen in the Harmony Bridge attack. In particular, the organization transferred more than $63.5 million, or approximately 41,000 ETH.
On January 16, blockchain detective ZachXBT published information about the transfer of a significant amount of Ethereum. Cryptocurrency assets derived from Tornado Cash are transferred via Railgun. Railgun is a private smart contract platform that uses zero-knowledge proof to hide financial transactions.
According to analysts who followed the traces of more than 350 addresses, some 41,000 ETH worth about $63.5 million were sent through Railgun and stored in three different exchanges.
1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack via Railgun before consolidating the funds and placing them on three different exchanges. pic.twitter.com/huDumaJeSh
— ZachXBT (@zachxbt) January 15, 2023
Freeze Funds By Binance And Huobi
Binance CEO CZ tweeted that the exchange had previously discovered suspicious money transfers from the Harmony One hacker while trying to launder money through Binance. As a result, the account is frozen by the exchange.
We detected the movement of the Harmony One hacker’s funds. He previously tried to launder through Binance and we froze his account. This time he used Huobi. We help the Huobi team to freeze the account. Together, 124 BTC have been returned. CeFi helps maintain DeFi #JARIK! 🙏
— CZ 🔶 Binance (@cz_binance) January 16, 2023
The group keeps money in Tornado Cash, a service that helps keep people’s identities secret and is used by criminals to launder money in the crypto industry.
Experts follow the funds through more than three hundred addresses. He concluded that Railgun had distributed around 41,000 ETH among several recipients before the cryptocurrencies were stored on various exchanges. He did not name the exchange, but he said that the Lazarus Group regularly makes quick withdrawals from the platform.
The Connection Between Lazarus And Harmony Strikes
Lazarus is now quite adept at hiding his movements from law enforcement agencies while transferring illegal cryptocurrencies. For example, he is suspected of being behind the attack on Harmony Bridge in June 2022. In-depth information about the attack was published by Elliptic, a blockchain analytics service, when it happened.
Multiple large crypto heists, totaling over $2 billion, have been linked to the Lazarus Group. DeFi and cross bridges are new targets in 2022, and the group is also suspected of being behind the $600 million Ronin Bridge attack.
According to new report by cybersecurity company Kaspersky, another North Korean hacker group BlueNoroff has developed illegal activities by posing as venture capitalists looking to invest in cryptocurrency startups.
Kaspersky reports indicate a global attack by BlueNoroff against cryptocurrency businesses was discovered in January 2022 but was delayed until autumn.
Cryptocurrency theft has become a lucrative business for North Korean hackers. According to information on operations, the South Korean spy service estimates that more than $1.2 billion in cryptocurrency has been stolen from the global community since 2017. In 2022, many companies, including FTX, will be victims of cyberattacks.
At the time of writing, Bitcoin is trading around $20,800, up 21% over the past week. It is currently trading above the 50-day Simple Moving Average (SMA), which indicates that the price will remain bullish in the short term.
Selected image from Euronews, Chart from Tradingview.com.