NEW: FREE Web3 Resume Cheat Sheet DOWNLOAD NOW

North Korea backed Lazarus Group linked to $305 million DMM Bitcoin hack

555177
North Korea's Lazarus Group suspected in $55 million CoinEx hackNorth Korea's Lazarus Group suspected in $55 million CoinEx hack

In this post:

  • ZachXBT links Lazarus Group to the theft of $305 million BTC from Japanese exchange DMM Bitcoin.
  • The investigator observed similarities in money laundering patterns such as chain-hopping, use of mixers, and selling through small OTCs.
  • Cambodian online marketplace Huione Guarantee has become the choice place for crypto bad actors

The $305 million exploit of Japanese crypto exchange DMM Bitcoin might be the work of the notorious Lazarus Group. On-chain investigator ZachXBT revealed that similarities in laundering the stolen funds suggest that the state-sponsored group may be responsible.

Also Read: The Philippines’ DOJ charges two Russians for alleged involvement in $7 million crypto heist

This comes after recent transfers of DMM Bitcoin-linked funds to the online marketplace Huione Guarantee. Blockchain security company Elliptic Research recently indicted the marketplace for facilitating billions in illicit crypto-related crimes.

The Lazarus Group connection to the DMM Bitcoin hack

According to ZachXBT, the hackers moved over $35 million of the stolen funds to the online marketplace Huione Guarantee in July. The transfers have attracted attention from stablecoin issuer Tether, leading it to blacklist a  Tron-based wallet containing 29.6 million USDT. The wallet is connected to Huione and received about $14 million from the DMM Bitcoin hack in just 3 days.

The laundering pattern is the major reason for drawing a connection between the Lazarus Group and whoever hacked DMM Bitcoin. The hackers have adopted a system where they deposit stolen BTC into the mixer and, after withdrawing it, bridge the funds from Bitcoin to either Avalanche or Ethereum networks using THORChain, Avalanche Bridge, and Threshold.

See also  Bitcoin surges back to $105k -Is Trump's token behind the surge?
DMM Bitcoin hack
DMM Bitcoin Hack (Source: ZachXBT)

Once the funds have been moved to these smart contract blockchains, the hackers swap them for Tether USDT and bridge to the Tron network using SWFT. From Tron, the USDT is transferred to Huione. The pattern, which involves chain hopping and mixers, is similar to how Lazarus moves stolen funds.

“It is suspected that Lazarus Group is behind the hack due to similarities in laundering techniques and off chain indicators,” ZachXBT said.

The hackers’ decision to swap BTC for USDT appears strange, given how Tether could blacklist USDT. However, ZachXBT explained that they have no choice because they are cashing out the stolen assets through small OTCs that only accept USDT.

Huione Guarantee becomes the preferred platform for bad actors

The revelation further highlights the growing role of Huione as a place for bad actors looking to move crypto. According to a recent report by blockchain analytics firm Elliptics Research, the platform, part of the Cambodian Huioine Group, is mostly used by scam operators in Southeast Asia.

Through its investigations, Elliptic discovered that the transaction volume for crypto wallets linked to the platform has been at least $11 billion over the last three years. Merchants on the platform provide various services, including money laundering, malicious technology and software development, and other scam-enabling services.

See also  Goldman Sachs CEO says Bitcoin is not a 'threat' to the US dollar

Also Read: Crypto Exchange DMM Bitcoin Vows To Repay Users After $300M Hack

Although not all transactions on the platform are fraud-related, Elliptic analysis shows that most transactions are connected to illicit activities, and USDT is the preferred crypto among users. In 2024 alone, the transaction volume is already over $3 billion USDT, which is a modest estimate.

From Zero to Web3 Pro: Your 90-Day Career Launch Plan

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Editor's choice

Loading Editor's Choice articles...
Subscribe to CryptoPolitan