North Korean hackers launder $27M ETH from Harmony Bridge attack

Published at: Jan. 29, 2023

North Korean exploiters behind the Harmony Bridge attack continue to launder the funds stolen in June 2022. According to on-chain data revealed on Jan. 28 by blockchain sleuth ZachXBT, the perpetrators moved another $27.18 million in Ethereum (ETH) over the weekend.

The tokens were transferred to six different crypto exchanges, noted ZachXBT in a Twitter thread, without disclosing which platforms had received the tokens. Three main addresses carried out the transactions.

According to ZachXBT, exchanges were notified about the transfers and part of the stolen assets was frozen. The steps the exploiters took to launder the money were very similar to those taken on Jan. 13, when over $60 million was laundered, noted the crypto detective.

Who’s active rn? DPRK just finished laundering another $17.7m+ (11304 ETH) from the Harmony Bridge hack. S/o to the exchanges who responded quickly on a weekend so funds could be frozen. pic.twitter.com/sUyUScHR4N

— ZachXBT (@zachxbt) January 29, 2023

The funds were moved a few days after the Federal Bureau of Investigation (FBI) confirmed the Lazarus Group and APT38 as the criminals behind the $100 million hack. In a statement, the FBI noted that “through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge.”

The Harmony Bridge facilitates transfers between Harmony and the Ethereum network, Binance Chain and Bitcoin. A number of tokens worth about $100 million were stolen from the platform on Jun. 23.

Following the exploit, 85,700 Ether was processed through the Tornado Cash mixer and deposited at multiple addresses. On Jan. 13, the hackers started shifting around $60 million worth of the stolen funds via the Ethereum-based privacy protocol RAILGUN. According to an analysis from crypto tracking platform MistTrack, 350 addresses have been associated with the attack, with funds routed through many exchanges in an attempt to avoid identification.

Lazarus is a well-known hacking syndicate that has been implicated in a number of key crypto industry breaches, including the $600 million Ronin Bridge hack last March.
