According to blockchain analyst ZachXBT, the North Korean hacker group Lazarus attempted to move no less than 41,000 ether (ETH) through Railgun and then transferred it to various exchanges. According to Changpeng Zhao, part of the funds was intercepted in the form of Bitcoin (BTC) thanks to collaboration between Binance and Huobi. OKX also blocked an affected account.
41,000 ETH on the move
Decentralized finance protocols are prime targets for hackers from all walks of life. They are particularly interesting prey for the Lazarus group, suspected of funding the North Korean government.
Recently, the group appears to have been behind the Harmony Bridge hack. It stole the equivalent of $100 million from the cross-chain bridge protocol. The Lazarus Group is also rumored to have launched an attack on Ronin, related to the game Axie Infinity.
More recently, malware detections from Microsoft have shown that the Lazarus group's activities are far from slowing down.
Over the weekend, Lazarus, a very active hacker group affiliated with the North Korean government, transferred tens of thousands of ETH to several cryptocurrency exchanges, according to on-chain analyst ZachXBT.
No less than 41,000 ETH stolen by the North Korean hacker group Lazarus are currently deposited on cryptocurrency exchanges.
According to an analysis of cryptocurrency activity shared online, the ETH was sent through the Railgun anonymity system, then stored in wallets and sent to three major cryptocurrency exchanges to be exchanged for fiat currency.
“North Korea’s Lazarus Group had a busy weekend moving $63.5 million (~41,000 ETH) from the Harmony Bridge hack via Railgun before consolidating the funds and depositing them on three different exchanges,” ZachXBT tweeted.
The 350 addresses identified by ZachXBT were all used to funnel the funds along different paths in order to scatter the evidence.
The 41,000 ETH currently on the move, worth approximately $64.2 million at current exchange rates, originated from the infamous Harmony Bridge hack in June 2022. This cross-chain bridge is used to transfer tokens between the Harmony network and Ethereum, BNB Chain and Bitcoin.
According to Binance CEO Changpeng Zhao, some of the funds have been intercepted.
“We have detected a movement of funds from the Harmony One hacker. He had previously attempted to launder his funds via Binance and we froze his accounts. This time he used Huobi. We helped the Huobi team to block their accounts. Together, 124 BTC were recovered. CeFi helps maintain DeFi #SAFU [secure, editor's note]”
CZ’s tweet suggests that the Lazarus hackers may have converted at least some of the funds into Bitcoin (BTC). Thanks to the collaborative work between the security teams of the Binance and Huobi exchanges, 124 BTC were intercepted, or about $2.4 million at current market prices.
In response to this tweet, someone asked Changpeng Zhao whether exchanges communicate with each other in this kind of situation, and CZ replied that “most” exchanges are willing to cooperate, but not necessarily “all exchanges”.
For its part, OKX says it blocked the accounts in question on its exchange at the request of the authorities.
Either way, the rest of the funds from the Harmony Bridge hack will no doubt be moved soon, given how quickly they can be frozen.