Late last night, the attackers behind the Harmony exploit back in June 2022 attempted to cash out another batch of their ill-gotten ETH gains.
Following the 41k ETH laundered via Tornado Cash and Railgun two weeks ago, worth about $63.5 million at the time, the North Korean Lazarus Group made an attempt at laundering another $27.7 million worth of ETH.
Intercepted by Exchanges
However, the attempt was not as successful as the last. Virtually all of the ETH laundered two weeks ago was cashed out via unnamed exchanges. This time, the security teams at the exchanges used were reportedly able to freeze most of the funds.
It is up to exchanges to share exactly how much of the 17,278 in ETH was frozen.
Blockchain security researcher ZachXBT originally sounded the alarm on Twitter, posting evidence of $17.7 million being moved through the two mixing tools and onto exchanges.
Who’s active rn?
DPRK just finished laundering another $17.7m+ (11304 ETH) from the Harmony Bridge hack.
S/o to the exchanges who responded quickly on a weekend so funds could be frozen. pic.twitter.com/sUyUScHR4N
— ZachXBT (@zachxbt) January 29, 2023
Zach followed up on the original tweet after discovering another address moving $10 million worth of ETH, bringing the total number of pre-consolidation addresses used to 10.
Status of Funds Unclear
The previous round of laundering saw a good portion of the Harmony funds turned into BTC, with an undisclosed amount frozen and seized by the FBI.
“Through our investigation, we were able to confirm that the Lazarus Group […] are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge reported on June 24, 2022. […] (We will) continue to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs.”
The percentage of funds frozen by crypto exchange security teams seems to be much bigger this time. What will happen to them is still being determined. It’s possible they will be returned to Harmony in an attempt to make users whole.
However, it’s much more likely that the stolen funds will be turned over to the FBI first, potentially allowing their security researchers to glean more info on the notorious North Korean cybercrime syndicate.
The news of the interception was welcomed by the crypto community, with many praising both Zach and the security teams at the unnamed exchanges for keeping watch during the wee hours of a weekend night.