North Korean Cyber Criminals Launder $27 Million In ETH From Harmony Bridge Attack

The infamous Lazarus group from North Korea struck again. Three main addresses executed transactions worth $27.18 million to six cryptocurrency exchanges.

Valentin

March 13, 2023

Cointelegraph reported on a massive money-laundering operation by North Korean hackers. The hackers involved in the Harmony Bridge attack are still laundering the funds stolen in June 2022. Blockchain investigator ZachXBT uncovered this through on-chain data on Jan 28, showing that the attackers transferred an additional $27.18 million in Ethereum over the weekend.

ZachXBT reported in a Twitter thread that the stolen tokens were distributed among six crypto exchanges, without revealing which ones. Three main addresses were used for the transactions. ZachXBT also stated that the exchanges were informed about the transfers and that some of the assets were frozen. The crypto detective observed that the money laundering patterns used by the hackers were similar to those seen on Jan 13, when they laundered over $60 million.

The funds were moved a few days after the FBI confirmed that the Lazarus Group and APT38, both associated with the DPRK, were responsible for the theft of $100 million in virtual currency from Harmony’s Horizon Bridge. The FBI made the announcement in a statement, saying, “Our investigation confirmed that Lazarus Group and APT38, cyber actors linked to the DPRK, stole $100 million in virtual currency from Harmony’s Horizon Bridge.”

Harmony Bridge enables transfers between Harmony, the Ethereum network, Binance Chain, and Bitcoin. On Jun. 23, around $100 million worth of tokens were stolen from the platform. After the breach, 85,700 Ether was funneled through the Tornado Cash mixer and deposited in various addresses. On Jan. 13, the attackers started moving approximately $60 million of the stolen funds through the Ethereum-based privacy protocol RAILGUN. MistTrack, a crypto tracking platform, analyzed the attack and found that 350 addresses connected to the hackers have been dispersed across several exchanges to evade detection.

Lazarus is a notorious hacking group linked to multiple significant breaches. Japanese authorities in particular have had problems with the group in the past.