The infamous North Korean Lazarus Group moved millions of dollars of Ethereum stolen in the Harmony hack this weekend.
Harmony was attacked on June 22, 2022, with approximately $100 million in assets stolen.
An Enormous Amount Of Stolen Funds On The Move
The famous hacking collective, the Lazarus Group, has been busy moving millions in stolen ETH, closing a busy weekend for the notorious group supported by North Korea. Blockchain and crypto investigator ZachXBT posted details about the movement of the funds on Twitter, with the stolen assets originating from Tornado Cash and then going through Railgun. This smart contract privacy platform uses zero-knowledge proofs to obscure transactions.
According to ZachXBT's post, the Lazarus Group moved around 41,000 ETH, with a value of about 63.5 million dollars, via Railgun, before depositing it on various exchanges. ZachXBT tracked transaction flows through more than 350 distinct addresses.
"The Lazarus Group of North Korea had a very busy weekend moving 63.5 million dollars (~41000 ETH) from Railgun's piracy of the Harmony Bridge before consolidating the funds and depositing on three different exchanges."
The crypto analyst did not identify the exchanges that were used to deposit the stolen funds, but stated that the deposited funds were promptly moved off them.
The Harmony Attack
The Lazarus Group has become quite well-versed in moving stolen crypto across platforms and preventing the authorities from tracking their movements. The group was linked with the Harmony Bridge attack, which took place in June 2022. A detailed report on the hack has been published by Elliptic. The bridge was hacked for an astounding $100 million, and Elliptic used something called "Tornado untangling abilities," allowing it to trace stolen funds that passed through Tornado to other wallets.
The hackers were able to siphon various assets off the bridge through 11 transactions, which were then sent to a wallet and exchanged for ETH on Uniswap. The hackers took a hundred million dollars worth of assets, including Frax, Wrapped Ether (WETH), Aave (AAVE), SushiSwap (SUSHI), Frax Share, AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and US dollars.
The Harmony team stated that they are trying to recover the stolen funds, adding that they would not be pressing any criminal charges if the funds were returned, and offered a $1 million bounty. They also called on the hackers to share how the hack took place. For now, the team believes the hackers accessed the funds via compromised private keys.
"We are committed to providing a $1M bonus for the performance of the Horizon Transition Funds, as well as sharing information about their accomplishments...Harmony will advocate for the absence of criminal charges when the money is returned."
A Growing Number Of Heists
The North Korean-backed Lazarus Group has become known for several high-profile heists and has stolen over $2 billion through them. The group has focused on decentralized finance (DeFi) and cross-chain bridges and is also believed to be behind the $600 million Ronin hack. They also went after crypto exchanges in Japan in October 2022, targeting them through a wave of phishing attacks.