North Korea’s Lazarus Group tied to $305 million crypto breach of Japan’s DMM exchange

ZachXBT underlined the similarities between the DMM Bitcoin hackers' laundering techniques and those of the Lazarus Group.

Blockchain sleuth ZachXBT suggested that North Korea-backed Lazarus Group orchestrated the $305 million hack of the Japan-based DMM Bitcoin exchange.

In a social media post on July 14, ZachXBT pointed out the similarities in the “laundering techniques and off-chain indicators” used by the Lazarus Group and those seen in the movement of funds by the DMM Bitcoin hackers.

In May, DMM confirmed it was hacked for 4,502.9 BTC, valued at approximately 48 billion yen ($305 million). Subsequently, the firm raised about $320 million to compensate its impacted users.

$35 million laundered

ZachXBT reported that the DMM Bitcoin hackers moved around $35 million of the stolen funds to the online marketplace Huione Guarantee in July.

The investigator noted that hackers usually dump stolen BTC into a crypto mixer and then bridge it to Avalanche or Ethereum blockchains using THORChain, Avalanche Bridge, and Threshold.

Once on these smart contract blockchains, the hackers swap the funds for USDT and bridge to the Tron network. From there, the USDT is transferred to Huione. This sophisticated laundering pattern, involving chain hopping and mixers, mirrors the methods used by the notorious Lazarus Group.

Interestingly, the USDT transfers appeared to have caught the attention of stablecoin issuer Tether, which blacklisted $29.6 million of its USDT tokens in a Tron-based wallet. This wallet, connected to the Huione marketplace, had received about $14 million from the DMM Bitcoin hack within three days, ZachXBT noted.

Bitrace, a Web3 investigative tool provider, further corroborated the seizure, stating that the Tron address was frozen because it assisted malicious players “in laundering funds for criminal activities such as fraud and crypto theft.”

Huione Guarantee has become a popular marketplace for scam operators. It is part of the Huione Group, a Cambodian conglomerate linked to the ruling Hun family.

Last week, blockchain analytics firm Elliptic reported that crypto wallets used by Huione Guarantee and its merchants have received over $11 billion since 2021, most of which, it suggested, can be linked to fraud or illicit activity.
