The North Korean exploiters behind the Harmony Bridge attack continue to launder the stolen funds in June 2022. According to on-chain data revealed on Jan. 28 by blockchain detective ZachXBT, the perpetrators moved another $27.18 million in Ethereum (ETH) during weekend.
The tokens were transferred to six different crypto exchanges, indicated ZachXBT in a Twitter thread, without disclosing which platforms had received the tokens. Three main addresses carried out the transactions.
According to ZachXBT, exchanges were notified about the transfer of funds and some of the stolen assets were frozen. The movements carried out by the exploiters to launder the money were very similar to those of January 13, when more than $60 million was laundered, the crypto detective pointed out.
Who is active rn?
The DPRK just finished laundering another $17.7 million or more (11,304 ETH) from the Harmony Bridge hack.
S/o to the exchanges that responded quickly within a weekend so that the funds could be frozen. pic.twitter.com/sUyUScHR4N
— ZachXBT (@zachxbt) January 29, 2023
The funds moved a few days after the Federal Bureau of Investigation (FBI) confirmed that Lazarus Group and APT38 were the criminals behind the $100 million hack. In a statement, the FBI said that “through our investigation, we were able to confirm that Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million in virtual currency from the Harmony’s Horizon Bridge.”
Related: ‘No one’s stopping them’: Threat of North Korean cyberattacks rises
Harmony Bridge makes it easy to transfer between Harmony and the Ethereum, Binance Chain and Bitcoin network. On June 23, several tokens worth about $100 million were stolen from the platform.
Following the exploit, 85,700 Ether were processed through the Tornado Cash mixer and deposited to multiple addresses. On January 13, the hackers began transferring around $60 million of the stolen funds via the Ethereum-based RAILGUN privacy protocol. According to an analysis by crypto tracking platform MistTrack, 350 addresses have been associated with the attack across many exchanges in an attempt to avoid identification.
Lazarus is a notorious hacker syndicate that has been implicated in a number of key crypto industry breaches, including the $600 million Ronin Bridge hack last March.