A North Korean hacker group tried to launder $63 million worth of cryptocurrency it stole last year, but its attempts were partially blocked by crypto exchanges, according to experts from the blockchain.
According to a blockchain sleuth who goes by the ZachXBT Twitter account on Monday, the hacker organization — known to intelligence officials and cybersecurity experts as the Lazarus Group — moved about 41,000 ETH (63.5 million dollars) from January 13 to 14 on cryptocurrency exchanges Binance, OKX and Huobi.
The displaced cryptocurrency reserve by Lazarus to the three exchanges was stolen last June from Horizon Bridge, an American crypto startup that allows users to transfer their crypto assets from one blockchain to another.
The hack, which was one of the biggest cryptocurrency heists last year, involved the theft of different types of cryptocurrencies including ETH, BNB, USDT, USDC and Dai, according to the analytics firm. of the Elliptic blockchain.
Elliptic said the Lazarus hackers used different types of decentralized exchanges to convert the stolen assets into ETH – including Tornado Cash, a cryptocurrency “cup” or service that mixes suspicious cryptocurrency funds with others to hide their origin.
The US Treasury Department’s Office of Foreign Assets Control blacklisted Tornado Cash in August, accusing it of laundering more than $7 billion in virtual currencies, including all of the $455 million allegedly stolen last year by the Lazarus group.
ZachXBT said Lazarus used Railgun, a tool that anonymizes crypto transactions, to try to obscure the origin of Ethereum-denominated funds as it attempted to move them over the weekend.
He also shared over 350 IP addresses associated with the hacker group.
Binance CEO Changpeng Zhao tweeted that the exchange detected previous laundering attempts by the hacking group and froze its accounts, adding that it helped Huobi freeze accounts used by Lazarus during his money moves. weekend funds.
Zhao said the two exchanges managed to recover 124 bitcoins ($2.6 million), leaving open the possibility that Lazarus might manage to exchange most of his stolen Ethereum for bitcoin.
Huobi was able to detect and prevent the hacker from attempting to launder funds, according to crypto entrepreneur Justin Sun, whose investment firm About Capital owns Huobi.
Cryptocurrency theft has become an increasingly important tool in Pyongyang’s arsenal to evade sanctions after successive UN Security Council resolutions targeted Pyongyang’s customary means of raising foreign currency.
In the past, North Korea has focused on manufacturing and trading narcotics, arms sales to anti-Western and non-aligned countries, and counterfeiting US dollars to illegally raise funds for its military programs. armament.
Compulsory remittances from North Korean workers sent abroad by the regime have also helped Pyongyang raise foreign currency, as have exports of monumental bronze statues made by state-owned Mansudae Art Studio to authoritarian leaders in the country. Benin, Congo, Zimbabwe and Angola.
The expansion of international sanctions in August and December 2017 to cover exports of labor and art by the North led the regime to step up its illicit operations in cryptocurrencies.
Over the past five years, Pyongyang is estimated to have raised around $1.6 billion through heists and cryptocurrency exchanges, according to various investigators and experts.
BY MICHAEL LEE [firstname.lastname@example.org]