North Korean Lazarus Group Linked To DMM Bitcoin Hack

The North Korean Lazarus Group might have been the crime syndicate responsible for the DMM Bitcoin hack earlier this year. According to fresh insights from crypto on-chain Sleuth ZachXBT, a series of funds movement from wallets connected to Lazarus gave the hint. Besides this, ZachXBT pointed out the similarities in laundering activities and off-chain indicators.

The DMM Bitcoin Stolen Funds In Motion

To steal from an exchange or a crypto protocol is one thing, laundering the cash undetected remains a major hurdle. For example, the DMM Bitcoin hack saw as much as $305 million in losses according to ZachXBT.

According to the tracking of the stolen funds in and out of the platform, a total of $35 million has shifted to Huione Guarantee exchange thus month. The ZachXBT findings show that stablecoin issuer just blacklisted a wallet connected to the Lazarus Group. This wallet contains a total of $29.6 million and it is resident on the Tron blockchain.

This wallet tagged “TNVaK….s4Ug8” received approximately $14 million within 3 days of the DMM Bitcoin hack.  To help the crypto community understand the hack and accompanying flow, ZachXBT summarized the events.

3/4 The laundering path for funds transferred to Huione from the DMM Bitcoin hack can be summarized as:

1) Deposit BTC to mixer from the hack
2) Withdraw BTC from mixer
3) Bridge funds from Bitcoin to Ethereum or Avalanche via THORChain, Threshold, Avalanche bridge
4) Swap for…

— ZachXBT (@zachxbt) July 14, 2024

First, he said the funds stolen on DMM Bitcoin were moved to a mixer. Thereafter, the funds were shifted to from the mixer and converted from Bitcoin to Ethereum or Avalanche via THORChain, Threshold, Avalanche bridge. After these the hackers converted the BTC to USDT on Tron via SWFT.

For this last stage, the assumption remains that the origin and destination of the stolen funds had been properly concealed.

A Different Hacking Trend

Hacks and cyber exploits are not uncommon in today’s Web3 world. Coingape reported the recent Squarespace breach, an IT service firm that powers Compound Finance and Celer Network. Both protocol suffered outages on their website following the exploit, however, with no funds lost.

Other exploits generally results in fund losses but some projects are often able to negotiate terms that leads to refund. However, in all exploits connected to the Lazarus Group, none of such refunds have been recorded. It remains to be seen if the revelation from ZachXBT will give some closure, the DMM Bitcoin hack still ranks as one of the gravest the industry has seen this year.

Read More: Elon Musk and Justin Sun Endorses Donald Trump Post-Attack