In a shocking revelation, the recent hack of Japanese crypto exchange DMM Bitcoin, resulting in the loss of $305 million, is reportedly linked to the notorious North Korean Lazarus Group. The on-chain sleuth, ZachXBT, has identified similarities in the laundering techniques used in this heist and those employed by the infamous group.
The Heist: What Happened?
On May 31, DMM Bitcoin experienced a significant breach, losing 4,502.9 BTC, valued at $305 million, to hackers. The company later confirmed that this attack was due to an “unauthorized leak of Bitcoin from our wallet”.
Tracing the Stolen Funds
According to ZachXBT, the stolen funds were transferred from DMM Bitcoin to an online marketplace, Huione Guarantee, in July. The investigator highlighted that Huione has become a major hub for illicit funds in Southeast Asia, being predominantly used by criminal organizations such as pig butchering gangs.
Blockchain analytic firm Elliptic corroborated these findings, revealing that merchants on Huione Guarantee offer various illicit services, including tech, data, and money laundering. The firm noted that these merchants have engaged in transactions totaling at least $11 billion.
Links to Cambodian Conglomerate
Huione Guarantee is part of the Cambodian conglomerate Huione Group, which has connections to Cambodia’s ruling Hun family. This revelation adds a layer of complexity to the ongoing investigations.
Tether’s Intervention
Further complicating the situation, ZachXBT reported that stablecoin issuer Tether blacklisted a Tron-based wallet with 29.6 million USDT, connected to Huione. This wallet had received $14 million worth of hacked funds from DMM Bitcoin over a three-day period.
Modus Operandi of the Hackers
ZachXBT pointed out striking similarities between the DMM Bitcoin breach and the previous operations of the Lazarus Group. The sophisticated manner in which the stolen funds were maneuvered across the digital landscape echoes the group’s signature style.
The stolen Bitcoins were deposited into a mixer, making them harder to trace. Subsequently, after withdrawing the BTC from the mixer, the hackers bridged the funds across different blockchain networks and converted them into other cryptocurrency denominations. This intricate strategy is a hallmark of the Lazarus Group’s laundering operations.
Conclusion
The $305 million DMM Bitcoin heist is now one of the largest global exchange hacks in terms of fiat value, underscoring the persistent threat posed by cybercriminals like the Lazarus Group. As investigations continue, the crypto community remains vigilant, seeking to fortify defenses against such sophisticated attacks.