North Korean Hackers Move 41,000 ETH Stolen From Harmony

  • North Korea’s Lazarus Group has moved around $63.5 million of crypto assets connected to the Harmony bridge hack over the weekend.
  • The hackers tried to move a portion of the funds through Binance and Huobi, but the exchanges were able to freeze their account and recover around 124 BTC.
hackers

Shutterstock

A large portion of the funds connected to last year’s $100 million Horizon bridge attack have been moved from their wallets over the weekend, on-chain investigator ZachXBT said via Twitter on 16 January.

According to the crypto sleuth, North Korea’s Lazarus Group moved around 41,000 ETH ($63.5 million) from wallets connected to the Horizon exploit to Railgun, an Ethereum-based privacy-focused exchange that makes transactions hard to track. The hacking group then consolidated the funds into several addresses and moved them once again, this time to Huobi, Binance, and OKX.

Binance CEO Changpeng “CZ” Zhao later revealed that his exchange detected that the hacker tried to move a portion of those funds through Huobi, and assisted the exchange with freezing his account. According to CZ, a total of 124 BTC (around $2.6 million) were recovered thanks to the quick reaction of both exchanges, though it remains unknown how much the Lazarus Group was able to transfer through them.

Horizon is a bridge that connects Ethereim to the Harmony network. The bridge was hit by hackers in June 2022, who were able to steal around $100 million in crypto assets — including ETH, BNB, USDT, USDC, and DAI — which were then laundered through Tornado Cash. Blockchain forensics firms Elliptic and Chainalysis were later able to connect the attack to the Lazarus Group, a North Korean hacking group associated with the country’s regime.

Discussion
2 comments
Loading comments...
Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM
unlock

Shutterstock

Binance Sells Russian Business, to Exit Country
  • The popular crypto exchange has decided to sell its business in Russia to CommEX, a crypto exchange business that was officially launched on Tuesday.
  • Binance noted that it will fully exit the Russian market, and have no ongoing revenue split or any option to buy back shares in the business.
Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.