Key takeaways:
- Transactions to six cryptocurrency exchanges totaling $27.18 million were made using three primary addresses.
- On January 23, several tokens from the network valued at roughly $100 million were taken.
The North Korea-linked perpetrators of the Harmony bridge attack are still working to launder the money they took in June. On-chain data made public on January 29 by blockchain researcher ZachXBT indicated that the offenders exchanged 17,278 Ether, valued at nearly $27 million, over the weekend.
ZachXBT said on Twitter that the tokens had been sent to six cryptocurrency exchanges, but he did not specify which exchanges were involved. Three principal addresses executed the transactions. ZachXBT added:
“Lazarus Group laundered an additional 17,278 ETH through 6 different exchanges on January 28, 2023. The funds were sold for BTC and withdrawn,”
ZachXBT says that the exchanges were informed about the fund movements and that some of the stolen assets were blocked. According to the crypto detective, the steps the exploiters took to launder the money closely matched those used when more than $60 million was laundered.
To hide its identity behind numerous layers, the Lazarus Group has been transferring the laundered money to several addresses. Lazarus is a well-known hacker group linked to several significant hacks in the crypto industry, including the $600 million Ronin Bridge hack from last March.
The money was transferred a few days after the FBI determined that Lazarus Group and APT38 were responsible for the $100 million hack. The FBI said in a statement:
“through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK [North Korea], are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge.”
Using its Horizon Bridge, Harmony can transmit data to and from the Ethereum network, Binance Chain, and Bitcoin. The North Korean hackers hid their online identity using the Tornado Cash crypto mixer. As a result, Tornado Cash was sanctioned by the US Treasury for aiding North Korean hacker organizations. According to Harmony One's update, the $100 million hack affected 64k wallets.
Following the exploit, the Tornado Cash mixer processed 85,700 Ether, which was then deposited at various addresses. The hackers began transferring about $60 million of the stolen money via the Ethereum-based anonymity protocol RAILGUN on January 13. According to research by the cryptocurrency tracking tool MistTrack, 350 addresses have been linked to the attack, with the funds routed through numerous exchanges to avoid identification.