To anonymize the stolen assets, the North Korean hacking outfit Lazarus Group turned to a variety of privacy mixers, but it was unsuccessful.
Binance and Huobi, two cryptocurrency exchanges, have once more suspended accounts related to the June 24, 2022, $100 million Harmony Horizon bridge assault.
Cryptocurrency valued at over $1.4 million that the trading platforms blocked originated from accounts connected to the infamous Lazarus Group operating out of North Korea.
Elliptic, a blockchain analytics company, conducted the study, according to a report released by the company on February 14. The company didn’t specify which currencies or tokens were locked, though.
Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks to intel from Elliptic’s real-time investigations tools and a swift response by the receiving exchanges. https://t.co/f5bVpm8yfH — elliptic (@elliptic) February 14, 2023
Elliptic said it relayed the information to Binance and Huobi, who swiftly took action to freeze the accounts connected to the Lazarus Group:
“The stolen funds remained dormant until recently, when our investigators began to see them funneled through complex chains of transactions, to exchanges. By promptly notifying these platforms about these illicit deposits, they were able to suspend these accounts and freeze funds.”
Since the Harmony exploit, it has been well-documented that Lazarus Group has turned to Tornado Cash, a privacy mixer now sanctioned by the US OFAC, to sever the transaction trail linking a transaction to the initial theft.
According to the report, Elliptic investigators were able to track all of the stolen funds passed through the mixer in this case, even though passing funds through a mixer is meant to make it simpler to withdraw money from an exchange.
Simone Maini, CEO of Elliptic, claimed that the incidents demonstrated that the sector was accepting responsibility for preventing money laundering and preventing cryptocurrency from becoming a “haven” for illegal activity:
“Today, money laundering was detected and stolen funds linked to North Korea were frozen, in real time. As an industry we have the power and responsibility to prevent digital assets becoming a haven for money launderers and sanctions evaders, and ensure that they are a force for good.”
The Lazarus Group, North Korean hackers
On January 24, the US Federal Bureau of Investigation (FBI) also blamed the Lazarus Group, North Korean hackers, for the attack on the Harmony bridge.
The collaboration between Binance and Huobi on this issue is not new.
On January 16, the two platforms were successful in freezing and recovering 121 Bitcoin associated with the Harmony assault, which was valued at $2.5 million at the time.
However, according to cryptocurrency investigator ZachXBT, the amount recovered was only a tiny portion of the $63.5 million that was allegedly laundered during that weekend and moved to three different exchanges after passing via the Ethereum-based anonymity protocol RAILGUN:
1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges. pic.twitter.com/huDumaJeSh — ZachXBT (@zachxbt) January 15, 2023
Investigations by Elliptic last week also revealed that Lazarus Group had been using “Sinbad,” which the company believes is a relaunch of the now-banned privacy mixer Blender, to launder around $100 million in Bitcoin.
Elliptic estimates that since Lazarus Group changed its emphasis to the sector in 2017, it has stolen well over $2 billion in cryptocurrency.