Lazarus Group moves stolen funds, over $2 million intercepted

According to blockchain analyst ZachXBT, the North Korean hacker group Lazarus attempted to transfer no less than 41,000 ether (ETH) to Railgun and then transferred them to various exchanges. According to Changpeng Zhao, part of the funds could be captured in the form of Bitcoin (BTC) thanks to the cooperation between Binance and Huobi. OKX also froze an affected account.

41,000 ETH in motion

Decentralized finance protocols are prime targets for hackers from all walks of life. They are particularly interesting prey for the Lazarus group, suspected of funding the North Korean government.

Recently, the group appears to be behind the Harmony Bridge hack. He stole the equivalent of $100 million from the cross bridge protocol. Additionally, the Lazarus Group is also said to have launched an attack on Ronin, linked to the game Axie Infinity.

Recently, Microsoft’s malware discoveries have shown that the activities of the Lazarus group are far from stopped.

Over the weekend, Lazarus, a highly active hacking group linked to the North Korean government, transferred tens of thousands of ETH to several cryptocurrency exchanges, according to on-chain analyst Zachxbt.

No less than 41,000 ETH stolen by North Korean hackers Lazarus Group are currently deposited on cryptocurrency exchanges.

According to an analysis of cryptocurrency activity distributed online, ETH was sent through the Railgun anonymous system, then stored in wallets and sent to three major cryptocurrency exchanges to be exchanged for fiat currency. .

“North Korea’s Lazarus Group had a busy weekend moving $63.5 million (~41,000 ETH) from the Harmony Bridge hack via Railgun before consolidating funds and depositing on three different exchanges,” Zachxbt tweeted.

The 350 addresses identified by ZachXBT were all used to channel funds in various ways in order to distribute the evidence.

The 41,000 ETH currently in circulation, worth about $64.2 million at the current exchange rate, originated from the infamous Harmony Bridge hack in June 2022. This virtual bridge is used to transfer tokens between the Harmony network and Ethereum, the BNB chain, and Bitcoin.

Cooperation of exchanges

According to Binance CEO Changpeng Zhao, some of the funds were seized.

“We have detected a movement of funds by the Harmony One hacker. He had previously tried to clear his funds through Binance and we froze his accounts. This time he used Huobi. We helped the Huobi team freeze their accounts. Altogether, 124 BTC were found. CeFi helps keep DeFi #SAFU [sécurisée, NDLR] »

CZ’s tweet suggests that the Lazarus hackers may have converted at least some of the funds to Bitcoin (BTC). Thus, thanks to the joint work between the security teams of exchanges Binance and Huobi, 124 BTC could be intercepted, or approximately $2.4 million at current market prices.

In response to this tweet, someone asked Changpeng Zhao if exchanges communicate with each other in this type of situation, and CZ replied that “most” exchanges are willing to cooperate, but not necessarily “all exchanges”.

For its part, OKX claims to have frozen the accounts in question on its stock exchange at the request of the authorities.

Either way, the rest of the funds from the Harmony Bridge hack should no doubt be moved soon, given how quickly they can be raised.

Leave a Comment