Over the last week, the infamous North Korean hacking group Lazarus has been seen moving the funds stolen in the Harmony bridge hack of June 2022.
On Monday, January 16th, blockchain sleuth ZachXBT shared details of the movement of large amounts of Ether siphoned off in the $100 million hack of Horizon Bridge, the Harmony blockchain's cross-chain bridge.
Lazarus Group Moves $63.5 Million to Three Exchanges
On June 24th, 2022, hackers stole over $100 million in crypto assets from Horizon Bridge, a bridge that enabled assets to be transferred between the Harmony blockchain and other blockchains. The stolen crypto assets included Ether (ETH), Tether (USDT), Wrapped Bitcoin (WBTC) and BNB.
According to an Elliptic report, the North Korean Lazarus Group was behind this hack. The hack resulted from a compromised cryptographic key of a multi-signature wallet, likely through a social engineering attack on Harmony team members.
Immediately after the hack, the hackers used the decentralized exchange (DEX) Uniswap to convert Ethereum-based assets into ETH, totaling 85,837 ETH at that time.
The group then sent these ETH assets to Tornado Cash, a crypto mixer often used to launder proceeds of crypto crimes. From there, the funds went to a number of Ethereum wallets.
After that, the funds were not moved any further. However, in the last week, Lazarus Group has been seen moving a large chunk of these stolen funds. According to blockchain detective ZachXBT, the funds moved from the Tornado Cash withdrawals onto three exchanges through Railgun, a smart contract privacy platform that uses zero-knowledge proofs to obfuscate transactions.
1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges.
— ZachXBT (@zachxbt) January 15, 2023
ZachXBT, who tracked more than 350 associated addresses, found that between Jan 13 and 14, around 41,000 ETH worth roughly $63.5 million was sent through Railgun before being deposited on three different exchanges, which he did not name. The detective wrote:
“North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges.”
The infamous Lazarus Group is reported to be the culprit behind massive crypto and government-level hacks. According to a December 2022 report from South Korea’s National Intelligence Service (NIS), the North Korea-sponsored Lazarus Group has stolen $1.2 billion in cryptocurrencies worldwide since 2017. The group siphoned off $626 million from DeFi platforms in 2022 alone.
As reported, Japan has also identified Lazarus as the culprit for a string of crypto-related cyber assaults spanning several years.