North Korean hackers try to launder $27M in ETH from Harmony bridge attack
North Korean exploiters behind the Harmony bridge attack continue to try and launder the funds stolen in June. According to on-chain data revealed on Jan. 28 by blockchain sleuth ZachXBT, over the weekend the perpetrators moved 17,278 Ether (ETH), worth about $27 million.
The tokens were transferred to six different crypto exchanges, ZachXBT wrote in a Twitter thread, without disclosing which platforms had received the tokens. Three main addresses carried out the transactions.
According to ZachXBT, the exchanges were notified about the fund transfers and part of the stolen assets were frozen. The movements made by the exploiters to launder the money were very similar to those taken on Jan. 13, when over $60 million was laundered, the crypto detective said.
Who’s active rn?
DPRK just finished laundering another $17.7m+ (11304 ETH) from the Harmony Bridge hack.
S/o to the exchanges who responded quickly on a weekend so funds could be frozen. pic.twitter.com/sUyUScHR4N
— ZachXBT (@zachxbt) January 29, 2023
The funds were moved a few days after the Federal Bureau of Investigation (FBI) confirmed that Lazarus Group and APT38 were the criminals behind the $100 million hack. In a statement, the FBI noted that “through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK [North Korea], are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge.”
Related: ‘Nobody is holding them back’ — North Korean cyber-attack threat rises
Harmony’s Horizon Bridge facilitates transfer between Harmony and the Ethereum network, Binance Chain and Bitcoin. A number of tokens worth about $100 million were stolen from the platform on June 23.
Following the exploit, 85,700 Ether was processed through the Tornado Cash mixer and deposited at multiple addresses. On Jan. 13, the hackers started shifting around $60 million worth of the stolen funds via the Ethereum-based privacy protocol RAILGUN. According to an analysis from crypto tracking platform MistTrack, 350 addresses have been associated with the attack through many exchanges in an attempt to avoid identification.
Lazarus is a well-known hacking syndicate that has been implicated in a number of key crypto industry breaches, including the $600 million Ronin Bridge hack last March.
