Throughout the weekend, Lazarus, a well-known hacker group from North Korea, was particularly active as they conducted multiple fund transfers from the Harmony Bridge hack.
According to reports, the amount transferred totals about $63.5 million, roughly equivalent to 41,000 ETH. Unfortunately, law enforcement agencies have not been able to uncover those behind the criminal network.
Lazarus Group Uses Railgun To Move Stolen Assets
Over the years, the Lazarus Group has developed an efficient technique to disguise the origins of its funds through various means. This has made the funds difficult for law enforcement authorities to trace.
On January 16th, a blockchain sleuth, “ZachXBT,” tweeted about the latest transfer by the Lazarus Group. According to the tweet, the Group sent ETH through Railgun.
Railgun is a privacy-based smart contract platform that utilizes zero-knowledge proofs to obscure transaction details. Previously, the Group’s assets were held on Tornado Cash, a service commonly used in the cryptocurrency industry by individuals engaging in illegal activities to conceal their proceeds.
The blockchain analyst tracked the fund transfer across 350 addresses, estimating that Railgun transferred about 41,000 ETH to different wallet addresses. Afterward, the addresses deposited the funds on various exchanges.
However, the analyst did not specify which exchanges. Still, he argued that the Group usually withdraws such funds quickly after depositing them on exchanges.
Meanwhile, Changpeng Zhao, the CEO of Binance, also talked about the fund transfer. On January 16th, Zhao said Binance detected fund movement by the Harmony One hacker in the past.
According to Zhao, the hacker tried to move the funds through Binance. Upon detecting the situation, Binance froze the accounts involved.
However, the CEO claimed that the hacker attempted to use the Huobi crypto exchange this time. Fortunately, Binance assisted Huobi in freezing the accounts and recovered about 124 BTC.
Lazarus Group Shifts Focus To The DeFi Space
Meanwhile, numerous reports have tagged the Lazarus Group as the mastermind behind the Harmony Attack, which occurred last June. At the time, the hackers stole over $100 million in the attack.
The hackers used a crypto mixer, Tornado Cash, to launder the stolen funds. This is not the first attack associated with the Lazarus Group.
Notably, the Group has taken part in different hacks over the years, totaling about $2 billion. Over time, the North Korean Group has changed its focus.
The criminal network mainly attacked the DeFi sector last year. Many believe the Group is responsible for the $600 million Ronin Bridge attack.
In October, news reports claimed the Group masterminded the sending of phishing emails to crypto-based firms in Japan. Recently, Kaspersky, the company behind the famous Kaspersky Antivirus, claimed that BlueNoroff created different fake domain names impersonating banks and VC firms.
It is noteworthy that BlueNoroff is a subgroup of the Lazarus Group. Kaspersky detected such attacks in January 2022 and raised the alarm.
The Lazarus Group goes mainly after DeFi projects, the FinTech sector, and firms dealing with smart contracts and blockchain.