Over the weekend, the infamous North Korean hacker group Lazarus moved around 41,000 ETH worth $64 million related to the Harmony blockchain hack.
On January 16, a blockchain investigator nicknamed ZachXBT tweeted about the movement of large amounts of Ethereum cryptocurrency that could be attributed to the hack. The origins of crypto assets can be traced to Tornado Cash – an open-source privacy solution for the Ethereum network that helps to conceal the origin of the assets.
According to the tweet, the funds went through a smart contract privacy platform, Railgun, and were deposited on 350 addresses on three different crypto exchanges – Binance, Huobi, and OKX. After being deposited, the funds were immediately withdrawn for laundering.
Binance's CEO tweeted that the company had detected the illicit fund movement. He acknowledged that it was not the first time hackers had tried to use the Binance crypto exchange to launder funds, but the company has frozen their accounts. He also claims that even though this time they used another exchange, Huobi, the Binance team cooperated with the platform and recovered 124 Bitcoins (BTC).
According to blockchain analysis firm Chainalysis, Binance and Huobi are the exchanges criminals primarily choose for moving illicit cryptocurrencies. The creator of Tornado Cash, Alexey Pertsev, was accused of facilitating money laundering by writing the code. He will remain in a Dutch jail at least until February 2023.
Harmony hack linked to North Korea
California-based Harmony blockchain was shattered by the hack of its Horizon Bridge on June 24, 2022. The cross-chain bridge facilitated transfers of assets between Harmony and Ethereum, Binance Chain, and Bitcoin networks. Around $100 million worth of funds were stolen by hackers linked to the North Korean hacker group Lazarus. Harmony has offered a reward of $1 million for any information that could aid in solving the crime.
Lazarus has been known for targeting casinos, banks, cryptocurrency businesses, and the defense industry of Israel. The hacker unit is believed to be backed by Pyongyang. In 2022, it shifted its attention to the Decentralized Finance (DeFi) industry and cross-chain bridges and was suspected of being responsible for the $600 million Ronin Bridge hack in March 2022.
State-backed cyber criminals
The North Korean regime backs cybercrime. North Korea allegedly has around 6,000 hackers who operate in over 150 countries. 10% of North Korea’s GDP comes from cybercrime – specifically, fraud, theft, and ransomware.
In 2019, a UN Security Council report stated that since 2016, North Korea has been increasingly relying on hacking to generate income for the country's treasury. It is believed that most of the proceeds from these criminal activities are likely allocated to the national defense budget – to fund nuclear and missile testing.
As the government completely controls internet access, North Korea’s cryptocurrency industry is mainly crime-related and backed by the state. As per a report from South Korea's primary intelligence agency, hackers affiliated with the North Korean government have stolen $1.2 billion worth of cryptocurrency.