Hackers allegedly linked to North Korean group Lazarus have moved more than $35 million, presumably from a hack on cryptocurrency exchange DMM Bitcoin.
According to on-chain sleuth ZachXBT, the stolen funds were laundered through Huione Guarantee, a company operating in Cambodia.
SponsoredLazarus Shifts Funds from $305 Million Heist
Cryptocurrency investigator ZachXBT revealed that hackers ran bitcoins (BTC) stolen from DMM Bitcoin through mixers over the weekend. They then converted the BTC into Ethereum (ETH) and Avalanche (AVAX) via the cross-chain liquidity protocol THORChain.
The attackers subsequently transferred the assets into Tether (USDT) and then into Tron (TRX). Eventually, all the cryptocurrency ended up with Huione Guarantee.
One transfer of $28.2 million was blocked when the issuer of Tether blacklisted the Tron address “TNVaK…s4Ug8” on July 12. ZachXBT noted that this wallet had withdrawn about $14 million from the DMM hack in just three days.
Read more: Crypto Scam Projects: How To Spot Fake Tokens
On-chain detective also shared a list of 538 addresses associated with Lazarus, Huione, and others involved in the hack. He suggested that the North Korean group Lazarus is behind the incident, based on the money laundering methods and offchain metrics observed.
SponsoredHuione Guarantee, part of Cambodia’s Huione Group, started as a promising marketplace for real estate and cars. However, researchers from Elliptic found fraudulent activity behind its seemingly legitimate operations. The platform offered “deposit and escrow services” to secure transactions, but it turned out to be popular among scammers in Southeast Asia.
Most payments on the platform were made using USDT stablecoin. Elliptic researchers discovered that the platform processed over $11 billion in transactions since it started, with $3.4 billion happening in 2024 alone. Huione is also believed to be linked to the Cambodian government.
“Huione has become a major hub for illicit funds in South East Asia, primarily being used by criminal organizations such as pig butchering gangs. Last year I found millions from the $31M Fintoch investment fraud scheme went to Huione,” ZachXBT noted.
Read more: 15 Most Common Crypto Scams to Look Out For
Japan-based DMM Bitcoin suffered a massive hack in May 2024, marking the largest blockchain incident since December 2022 and the third-largest in crypto history. Attackers exploited a critical vulnerability in the site’s security, allowing to gain access to its servers.
Less than a week after the hack, DMM Bitcoin announced its intention to raise 50 billion yen ($321 million) to compensate affected users.
