Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers

Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. 

Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea.

The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen.

Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks to intel from Elliptic’s real-time investigations tools and a swift response by the receiving exchanges.https://t.co/f5bVpm8yfH

— elliptic (@elliptic) February 14, 2023

Elliptic explained it passed on the intelligence to Binance and Houbi who then acted promptly to freeze the Lazarus Group-linked accounts:

“The stolen funds remained dormant until recently, when our investigators began to see them funneled through complex chains of transactions, to exchanges. By promptly notifying these platforms about these illicit deposits, they were able to suspend these accounts and freeze funds.”

Since the Harmony exploit, it has been well documented that Lazarus Group resorted to the now United States OFAC-sanctioned privacy mixer Tornado Cash in an attempt to break the transaction trail back to the original theft.

While this supposedly makes it easier to cash out funds at an exchange, Elliptic investigators were able to trace the entirety of the stolen funds sent through the mixer in this case, the report stated.

Elliptic CEO Simone Maini suggested the events showed the industry was taking on the responsibility to prevent money laundering and stop crypto from becoming a “haven” for illicit activity:

“Today, money laundering was detected and stolen funds linked to North Korea were frozen, in real time. As an industry we have the power and responsibility to prevent digital assets becoming a haven for money launderers and sanctions evaders, and ensure that they are a force for good.”

The Harmony bridge attack was also attributed to the Lazarus Group by the United States Federal Bureau of Investigation (FBI) on Jan. 24.

This isn’t the first time Binance and Huobi have cooperated together on the matter.

The two platforms managed to freeze and recover 121 Bitcoin (BTC), worth $2.5 million at the time, linked to the Harmony attack on Jan. 16.

Related: Illicit cross-chain transfers expected to grow to $10B: Here’s how to prevent them

The recovery was, however, only a fraction of the $63.5 million laundered over that weekend, according to crypto sleuth ZachXBT, which he claims was funneled through Ethereum-based privacy protocol RAILGUN before being sent off to three different exchanges:

1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges. pic.twitter.com/huDumaJeSh

— ZachXBT (@zachxbt) January 15, 2023

Recent efforts from Elliptic last week also found that Lazarus Group has laundered about $100 million in Bitcoin through “Sinbad,” which they claim to be a re-launch of the now OFAC-sanctioned privacy mixer Blender.

Lazarus Group is believed to have stolen well over $2 billion in crypto since it shifted its focus to the industry in 2017 according to estimates from Elliptic.

This platform turns data into cryptocurrency   Sept. 17, 2021
Immunefi partners with Binance Smart Chain on bug bounties to secure BSC projects   July 9, 2021
‘Nobody is holding them back’ — North Korean cyber-attack threat rises   July 12, 2022
Binance, Huobi team up to recover $2.5M from Harmony One hackers   Jan. 16, 2023
NFT-delivered court orders an answer to blockchain-related litigation: Lawyers   Jan. 24, 2023