The recent hack of Japanese crypto exchange DMM Bitcoin has been linked to the notorious North Korean Lazarus Group, according to on-chain sleuth ZachXBT. The heist, which saw the loss of 4,502.9 BTC (equivalent to $305 million), has been tied to the Lazarus Group based on similarities in laundering techniques and off-chain indicators. So far in July 2024, more than $35 million of the stolen funds have been laundered through the online marketplace Huione Guarantee, which has become a hub for illicit funds in Southeast Asia.
According to ZachXBT, Huione Guarantee is used by criminal organizations, such as pig butchering gangs, for money laundering purposes. A recent report by the blockchain analytics firm Elliptic revealed that merchants on the platform offer tech, data, and money laundering services and have engaged in transactions totaling at least $11 billion. Huione Guarantee is affiliated with the Cambodian conglomerate Huione Group, which has ties to Cambodia’s ruling Hun family. Tether has blacklisted a wallet connected to Huione that received $14 million worth of hacked funds from the DMM Bitcoin hack.
ZachXBT also highlighted the sophisticated manner in which the stolen funds have been moved. The suspected North Korean threat actors deposited the Bitcoin stolen in the DMM hack into a mixer and later withdrew it, bridging the funds across different blockchain networks and converting them to other cryptocurrencies. This intricate strategy reflects the signature laundering operations associated with the Lazarus Group.
The DMM Bitcoin hack, which took place on May 31, 2024, represents one of the largest global exchange hacks in terms of fiat value. The company confirmed that the attack was an unauthorized leak of Bitcoin from its wallet. The hackers sent the stolen funds from DMM to Huione Guarantee, where they have been laundered and used by criminal organizations for illicit activities. The links between Huione Guarantee, the Lazarus Group, and other criminal entities suggest a complex network of illicit financial activities in the crypto space.
Overall, the DMM Bitcoin hack and its ties to the Lazarus Group highlight the ongoing challenges faced by the crypto industry in combating cybercrime and money laundering. As hackers become more sophisticated in their techniques, it is essential for exchanges and regulatory authorities to enhance security measures and cooperation to prevent such incidents in the future. The involvement of North Korean threat actors in such high-profile hacks underscores the global nature of cyber threats and the importance of international collaboration in addressing these issues.