ZachXBT has uncovered that the recent $305 million hack of DMM Bitcoin, a Japanese cryptocurrency exchange, might be the work of the Lazarus Group, known for its North Korean ties. ZachXBT observed that the way the stolen funds were being laundered closely resembled the methods typically employed by Lazarus.
In a detailed analysis shared on Twitter, the on-chain investigator reported that over $35 million of the stolen funds were transferred to an online marketplace called Huione Guarantee in July. This caught the attention of Tether, the stablecoin issuer, which promptly froze a Tron-based wallet holding 29.6 million USDT. This same wallet, linked to Huione, had received about $14 million from the DMM Bitcoin hack within just three days.
The hackers used a sophisticated, multi-step process to obscure the trail of the stolen funds: they mixed the Bitcoin, moved it across various blockchain networks, and converted it into multiple types of digital assets. This approach is reminiscent of tactics previously used by the Lazarus Group.
“Lazarus Group is suspected to be behind the hack due to similarities in laundering techniques and off-chain indicators,” ZachXBT tweeted.
The hackers converted the stolen Bitcoin into USDT even though Tether is able to block USDT. ZachXBT explains that they did this because they sell the stolen assets through small over-the-counter services that primarily accept USDT.
This incident also highlights how Huione Guarantee is becoming a favored platform for cybercriminals to transfer cryptocurrencies. A recent report by Elliptic Research revealed that Huione has processed at least $11 billion in crypto over the past three years, with a significant portion linked to illicit activities.
By Andrej Kovacevic
Updated on 15th July 2024