North Korea’s Lazarus Group Moves More than $60 Million from Harmony Bridge Hack
Over the Martin Luther King Jr. holiday weekend, North Korea’s state-owned cybercrime entity the Lazarus Group, most famously linked to the 2014 Sony Pictures hack, moved approximately 41,000 ETH, or more than $60 million of Ethereum, to the crypto exchanges Binance, Huobi and OKX. The funds were taken from last year’s Harmony blockchain bridge hack, which resulted in the theft of nearly $100 million in crypto, according to internet detective ZachXBT.
Binance and Huobi both froze the funds, with Binance declaring that 124 BTC in assets were recovered during the process.
“They previously tried to launder through Binance and we froze his accounts,” Binance CEO Changpeng “CZ” Zhao said. “This time he [the hacker] used Huobi. We assisted Huobi team to freeze his accounts.”
The group relied on the RailGun smart contract to anonymize and obscure the identities of the North Korean hackers. During the Harmony bridge attack, the same group used Tornado Cash, a now-banned crypto mixer that also conceals the names of people behind transactions.
According to ZachXBT, 350,000 unique wallet addresses were part of Friday’s operation.
Last year, the U.S. Treasury Department placed the Lazarus Group on the Office of Foreign Assets Control’s Specially Designated Nationals and Blocked Persons list for its role in the Axie Infinity crypto attack.
According to the U.N. Security Council, the group has been responsible for swindling over $200 million worth of crypto each year since 2018 for Pyongyang’s nuclear program.