$1.4M crypto assets frozen by Binance and Huobi: Here’s what happened
- Binance and Huobi have frozen accounts linked to the Lazarus Group’s $100 million Harmony Horizon bridge attack.
- The Lazarus Group is a well-known hacking group that is suspected of being behind several significant attacks on the cryptocurrency industry.
Binance and Huobi have frozen accounts connected to the $100 million Harmony Horizon bridge attack of June 2022.
The frozen cryptocurrency, valued at over $1.4 million, originated from accounts connected to the infamous Lazarus Group operating out of North Korea. Elliptic, a blockchain analytics company, conducted the investigation. However, it did not specify which coins or tokens were frozen.
Details of the Binance – Huobi investigation
Elliptic confirmed that it relayed the information to Binance and Huobi, who swiftly took action to freeze the accounts connected to the Lazarus Group:
“The stolen funds remained dormant until recently when our investigators began to see them funneled through complex chains of transactions, to exchanges. By promptly notifying these platforms about these illicit deposits, they were able to suspend these accounts and freeze funds.”
Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks to intel from Elliptic’s real-time investigations tools and a swift response by the receiving exchanges. https://t.co/f5bVpm8yfH
— elliptic (@elliptic) February 14, 2023
It has been well documented that since the Harmony exploit, Lazarus Group has used Tornado Cash, a privacy mixer that is now sanctioned by the US OFAC, to break the transaction trail connecting a specific transaction to the original heist.
The Lazarus Group attack is well known to the crypto community. Notably, the Lazarus Group and APT38 carried out the $100 million Harmony Bridge hack in June 2022, according to the Federal Bureau of Investigation.
Although a cyber gang with ties to North Korea had long been suspected of being responsible for the attack, police hadn’t yet confirmed their involvement.
The FBI said:
“Through our investigation, we were able to identify that the Lazarus Group and APT38, cyber actors connected to the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge.”
However, according to cryptocurrency sleuth ZachXBT, the funds were routed through Ethereum [ETH]-based privacy protocol Railgun before being transmitted to three separate exchanges. The recovery was only a small portion of the $63.5 million laundered during that weekend.
Lazarus continues its operations
Additional investigations by Elliptic also discovered that Lazarus Group had been using “Sinbad,” which they believed was a relaunch of the now-banned privacy mixer Blender, to launder around $100 million in Bitcoin [BTC].
Elliptic estimated that since Lazarus Group changed its focus to the sector in 2017, it has stolen well over $2 billion in cryptocurrency.
The Lazarus Group is a well-known hacking outfit that has allegedly been responsible for several significant attacks on the cryptocurrency industry, including the $600 million Ronin Bridge hack in March 2022.