Hackers launder $27 million in stolen Ethereum from North Korean
The money taken in June 2022 is still being laundered by the North Korean exploiters behind the Harmony Bridge attack. The criminals transferred another $27.18 million in Ethereum (ETH) over the weekend, as shown by on-chain data published on January 28 by blockchain detective ZachXBT.
ZachXBT said in a Twitter thread that the tokens had been moved to six other cryptocurrency exchanges, but he did not reveal which platforms had been recipients of the tokens. Transactions were carried out from the three main addresses.
ZachXBT claims that exchanges were informed of the fund movement and that some of the stolen assets were blocked as a result. The exploiters' laundering activity was strikingly similar to that of January 13, when over $60 million was laundered, the crypto detective observed.
The funds were moved a few days after the Federal Bureau of Investigation (FBI) determined that the Lazarus Group and APT38 were the perpetrators responsible for the $100 million breach. The FBI said in a statement that “through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million in virtual currency from Harmony’s Horizon bridge.”
The Harmony Bridge facilitates transfers between Harmony and the Ethereum network, Binance chain and Bitcoin. On June 23, a large number of tokens with a total value of around $100 million were taken from the network.
After the vulnerability was discovered, 85,700 Ether were sent via the Tornado Cash mixer and then deposited to a number of other addresses. On January 13, cybercriminals began moving around $60 million worth of stolen funds using RAILGUN, an Ethereum-based privacy protocol. MistTrack, a cryptocurrency monitoring tool, conducted an investigation and found that 350 addresses are linked to the attack. These addresses were used across multiple exchanges in an attempt to hide their identities.
Lazarus is a well-known cyber group that has been linked to a number of significant breaches in the cryptocurrency sector, including the theft of $600 million from cryptocurrency exchange Ronin Bridge last March.