A whopping 41,000 ETH stolen by the North Korean hackers Lazarus Group are currently being deposited on crypto exchanges.
According to an analysis of the token movements shared online, the ETH was sent through the anonymity system Railgun before being consolidated in wallets and sent to three major crypto exchanges, possibly to be exchanged for fiat currency.
The 41,000 ETH now on the move is worth some $64.2m by today’s exchange rate, and originates from the infamous Harmony Bridge hack in June of 2022. The bridge was used to transfer tokens between the Harmony network and Ethereum, BNB Chain, and Bitcoin.
“A very busy weekend” for Lazarus Group
Details about this week’s token movements were shared on Twitter by the on-chain analyst ZachXBT, who said Lazarus Group has had “a very busy weekend” moving funds:
https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfaG9yaXpvbl90aW1lbGluZV8xMjAzNCI6eyJidWNrZXQiOiJ0cmVhdG1lbnQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VkaXRfYmFja2VuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfcmVmc3JjX3Nlc3Npb24iOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYnVzaW5lc3NfdmVyaWZpZWRfYmFkZ2UiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2NoaW5fcGlsbHNfMTQ3NDEiOnsiYnVja2V0IjoiY29sb3JfaWNvbnMiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X3Jlc3VsdF9taWdyYXRpb25fMTM5NzkiOnsiYnVja2V0IjoidHdlZXRfcmVzdWx0IiwidmVyc2lvbiI6bnVsbH0sInRmd19taXhlZF9tZWRpYV8xNTg5NyI6eyJidWNrZXQiOiJ0cmVhdG1lbnQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3ZpZGVvX2hsc19keW5hbWljX21hbmlmZXN0c18xNTA4MiI6eyJidWNrZXQiOiJ0cnVlX2JpdHJhdGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmx1ZV92ZXJpZmllZF9iYWRnZSI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0Zndfc2hvd19nb3ZfdmVyaWZpZWRfYmFkZ2UiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYnVzaW5lc3NfYWZmaWxpYXRlX2JhZGdlIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1614771861266792449&lang=en&origin=https%3A%2F%2Fcryptonews.com%2Fnews%2Flazarus-groups-stolen-41000-eth-from-harmony-bridge-hack-move.htm&sessionId=d927ebb79b1257febf30a9a2a59311bae4cc9e47&theme=light&widgetsVersion=2b959255e8896%3A1673658205745&width=550px
In a follow-up tweet, ZachXBT also linked to the website Chainabuse.com where he shared a full list of the roughly 400 Ethereum addresses he claims where involved in the operation.
124 BTC recovered, CZ claims
Meanwhile, Binance CEO Changpeng Zhao, better known as CZ, also took to Twitter on Monday to comment on the situation.
According to CZ, the hackers did not use Binance as one of their exchanges this time, but instead the competing exchange Huobi. Huobi then received help from Binance to freeze the hacker’s accounts, he said.
CZ also said that a combined 124 BTC ($2.6m) have now been recovered from the hackers, which indicates that at least some of the hacker’s ETH has been converted to BTC.
“We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered,” CZ wrote.
Huobi has not commented on the situation other than retweeting an article that said the exchange had frozen accounts containing funds tied to the hack.
More than $1bn stolen since 2017
Back in December last year, a report from South Korea’s National Intelligence Service revealed that North Korean hackers are responsible for the theft of more than $1bn in digital assets since 2017.
More than half of that tally, or about $626m, were stolen in 2022, the report said, adding that the North Korean government is believed to use the proceeds from the illegal activity to develop its nuclear weapons program.
Lazarus Group and other cybercrime syndicates in the country are widely believed to be backed by the government.
Leave feedback about this