A large portion of the funds connected to last year’s $100 million Horizon bridge attack was moved out of the wallets holding it over the weekend, on-chain investigator ZachXBT said via Twitter on 16 January.
According to the crypto sleuth, North Korea’s Lazarus Group moved around 41,000 ETH ($63.5 million) from wallets connected to the Horizon exploit to Railgun, an Ethereum-based privacy-focused exchange that makes transactions hard to track. The hacking group then consolidated the funds into several addresses and moved them once again, this time to Huobi, Binance, and OKX.
Binance CEO Changpeng “CZ” Zhao later revealed that his exchange detected that the hacker tried to move a portion of those funds through Huobi, and assisted the exchange with freezing his account. According to CZ, a total of 124 BTC (around $2.6 million) were recovered thanks to the quick reaction of both exchanges, though it remains unknown how much the Lazarus Group was able to transfer through them.
Horizon is a bridge that connects Ethereum to the Harmony network. Hackers hit the bridge in June 2022 and were able to steal around $100 million in crypto assets — including ETH, BNB, USDT, USDC, and DAI — which were then laundered through Tornado Cash. Blockchain forensics firms Elliptic and Chainalysis were later able to connect the attack to the Lazarus Group, a North Korean hacking group associated with the country’s regime.