The North Korean exploiters behind the Harmony Bridge attack continued to launder the stolen funds in June 2022. According to on-chain data revealed on January 28 by blockchain sleuth ZachXBT, the perpetrators moved another $27.18 million in Ethereum (ETH) at the end week.
The tokens are transferred to six different crypto exchanges, noted ZachXBT in a Twitter thread, without disclosing which platform has received the token. Three main addresses carry out these transactions.
According to ZachXBT, the exchange was notified of the transfer of funds and a portion of the stolen assets has been frozen. The movements made by the exploiters to launder money are very similar to those taken on January 13, when more than $60 million was laundered, crypto detectives noted.
Who is active?
The DPRK just finished laundering another $17.7m+ (11304 ETH) from the Harmony Bridge hack.
S/o to the exchange that responded quickly over the weekend so the funds could be frozen. pic.twitter.com/sUyUScHR4N
— ZachXBT (@zachxbt) January 29, 2023
The funds were moved days after the Federal Bureau of Investigation (FBI) confirmed Lazarus Group and APT38 were the criminals behind the $100 million hack. In a statement, the FBI noted that “through our investigation, we were able to confirm that the Lazarus Group and APT38, a cyber actor linked to the DPRK, were responsible for the theft of $100 million in virtual currency from Harmony’s Horizon bridge.”
Related: ‘There’s no holding back’ – threat of North Korean cyber attack rises
The Harmony Bridge facilitates transfers between Harmony and the Ethereum, Binance Chain and Bitcoin networks. Some tokens worth about $100 million were stolen from the platform on June 23.
After the exploit, 85,700 Ether was processed through the Tornado Cash mixer and stored in multiple addresses. On January 13th, hackers began transferring around $60 million in stolen funds through the Ethereum-based privacy protocol RAILGUN. According to the analysis of the crypto tracking platform MistTrack, 350 addresses have been linked to the attack through many exchanges to prevent identification.
Lazarus is a notorious hacking syndicate that has been implicated in several major crypto industry breaches, including the $600 million Ronin Bridge hack last March.