Security teams from the Huobi and Binance crypto exchanges worked together to freeze and recover bitcoin traced to the Harmony exploit.

The recovery comes hot on the heels of a revelation by on-chain crypto investigator ZachXBT that the Harmony attackers were actively moving $63.5 million over the weekend.

Huobi and Binance Security Joined Forces to Recover Exploited Cryptos

The timely cooperation of the Huobi and Binance security teams enabled quick action in freezing and recovering the Bitcoin proceeds traced to the Harmony exploit.

Binance chief executive Changpeng Zhao tweeted that the exploiters attempted to launder the proceeds via the Huobi exchange. The detection prompted Binance to alert and assist Huobi in freezing the crypto assets upon their deposit.

Zhao clarified that the exchanges' teams successfully recovered 124 BTC valued at $2.5 million.

Exploiters Moved Millions of Dollars in Ether

Before the freeze, the crypto detective ZachXBT revealed that the exploiters were busy transferring 41,000 Ether worth $63.5 million.

North Korea’s Lazarus Group leveraged Railgun to hack the Harmony systems before consolidating the funds and moving them to various exchanges.

Further, the digital assets sleuth indicated the exploiters were consolidating the cryptos and depositing them in three different exchanges. The detective was initially non-committal about the exchanges’ identities. However, ZachXBT would later identify the three exchanges as Binance, Huobi, and OKX.

Earlier, on June 24, Harmony reported the exploit, revealing a $100 million compromise of funds. The exploit echoed concerns community members had previously highlighted about the vulnerability of the multisigs securing the Horizon bridge.

Footprint of Lazarus Group Attacks Evident in Harmony Exploit

The nature of the Harmony exploit attracted interest from several crypto sleuths. Blockchain analytics firm Elliptic observed that the exploit mirrored previous attacks orchestrated by the Lazarus Group.

On June 30, an in-depth audit of the transaction trail pointed to the North Korean entity as the primary suspect. Empathizing with the victims, Elliptic cited the Horizon bridge exploit as the largest in the past 12 months.

The blockchain analysts indicated the North Korean hackers leveraged employee credentials to breach the tight security system deployed by Harmony to avert attacks. The exploiters would later deploy laundering programs to transfer the stolen cryptos.

By Michael Scott