By
Temitope Olatunji
April 18th, 2024
Harmony hack perpetrators Lazarus Group recently moved $63.5 million in ETH, with Binance and Huobi recovering $2.5 million.
North Korea’s Lazarus Group of cyber criminals linked to the $100 million Harmony hack recently made moves again. According to pseudonymous blockchain detective ZachXBT, Lazarus Group moved a sizable part of the stolen Harmony funds over the weekend.
Speaking on this development, ZachXBT pointed out on Twitter:
“North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges.”
The blockchain investigator also listed more than 350 addresses associated with stolen loot. Furthermore, according to ZachXBT, the North Korean hackers consolidated and deposited the digital assets into three separate crypto exchanges. Despite this revelation, the on-chain detective did not provide the names of the exchanges used by the cybercriminals.
Binance, Huobi Collaborate to Retrieve Small Portion of Harmony Hack Funds from Lazarus
Recent reports also stated that crypto exchanges Binance and Huobi were teaming up to recover some of the Harmony One funds. Security teams at both exchanges have jointly frozen and recovered 121 Bitcoin (BTC), or $2.5 million, from the hackers.
Binance chief executive Changpeng Zhao recently tweeted that the cybercriminals attempted to launder their funds through the Huobi exchange. However, Binance detected the unwholesome scheme and reached out to Huobi to help freeze and confiscate digital assets. Zhao’s tweet, which also revealed that the hackers initially unsuccessfully tried to funnel the stolen funds through Binance, read:
“We detected Harmony One hacker fund movement. They previously tried to launder through Binance, and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi.”
Harmony Hack
Last June, the Harmony team first detected the $100 million exploit, including a compromise of bridges linking Ethereum (ETH) and Bitcoin. At the time, Harmony issued a statement on Twitter that read:
“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
A few days later, the Harmony Protocol attempted to recover the stolen funds by offering a $1 million bounty to the hacker(s). In addition, the proof-of-stake (PoS) blockchain also promised not to initiate any criminal proceedings if the hacker returned the stolen funds. Harmony’s attempt at remedial measures went unanswered by the hackers because 24 hours later, the criminals started laundering the funds. In response, the blockchain protocol’s team announced that it was working with “national authorities and forensic specialists” to identify the miscreants. In addition, at the time, Harmony expressed the belief that it would eventually retrieve the stolen funds.
Lazarus Group
The Lazarus Group of North Korea is widely believed to be the perpetrator of the Harmony hack. The cybercriminal syndicate reportedly enjoys the support of the regime of the country’s dictator and Supreme Leader, Kim Jong-un.