Alleged North Korean Cyber Criminals behind Harmony Hack Lazarus Group Moves $64M in Stolen Crypto over Weekend

On Jan 16, 2023 at 2:05 pm UTC by · 3 mins read

Harmony hack perpetrators Lazarus Group recently moved $63.5 million in ETH, with Binance and Huobi recovering $2.5 million. 

North Korea’s Lazarus Group of cyber criminals linked to the $100 million Harmony hack recently made moves again. According to pseudonymous blockchain detective ZachXBT, Lazarus Group moved a sizable part of the stolen Harmony funds over the weekend.

Speaking on this development, ZachXBT pointed out on Twitter:

“North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges.”

The blockchain investigator also listed more than 350 addresses associated with stolen loot. Furthermore, according to ZachXBT, the North Korean hackers consolidated and deposited the digital assets into three separate crypto exchanges. Despite this revelation, the on-chain detective did not provide the names of the exchanges used by the cybercriminals.

Binance, Huobi Collaborate to Retrieve Small Portion of Harmony Hack Funds from Lazarus

Recent reports also stated that crypto exchanges Binance and Huobi were teaming up to recover some of the Harmony One funds. Security teams at both exchanges have jointly frozen and recovered 121 Bitcoin (BTC), or $2.5 million, from the hackers.

Binance chief executive Changpeng Zhao recently tweeted that the cybercriminals attempted to launder their funds through the Huobi exchange. However, Binance detected the unwholesome scheme and reached out to Huobi to help freeze and confiscate digital assets. Zhao’s tweet, which also revealed that the hackers initially unsuccessfully tried to funnel the stolen funds through Binance, read:

“We detected Harmony One hacker fund movement. They previously tried to launder through Binance, and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi.”

Harmony Hack

Last June, the Harmony team first detected the $100 million exploit, including a compromise of bridges linking Ethereum (ETH) and Bitcoin. At the time, Harmony issued a statement on Twitter that read:

“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”

A few days later, the Harmony Protocol attempted to recover the stolen funds by offering a $1 million bounty to the hacker(s). In addition, the proof-of-stake (PoS) blockchain also promised not to initiate any criminal proceedings if the hacker returned the stolen funds. Harmony’s attempt at remedial measures went unanswered by the hackers because 24 hours later, the criminals started laundering the funds. In response, the blockchain protocol’s team announced that it was working with “national authorities and forensic specialists” to identify the miscreants. In addition, at the time, Harmony expressed the belief that it would eventually retrieve the stolen funds.

Lazarus Group

The Lazarus Group of North Korea is widely believed to be the perpetrator of the Harmony hack. The cybercriminal syndicate reportedly enjoys the support of the regime of the country’s dictator and Supreme Leader, Kim Jong-un.

Share:

Related Articles

Binance Strengthens Compliance Requirements for Crypto Transfers in South Africa

By April 23rd, 2025

Binance has introduced stricter compliance rules for South African users, requiring detailed sender and receiver info for crypto transfers.

Whales Continue to Accumulate Ethereum, ETH Rally Ahead?

By April 23rd, 2025

Ether made a strong comeback with a 13% rally, drawing fresh whale accumulation.

Is Ethereum (ETH) Ready to Explode? Wyckoff Pattern Suggests $2,700 Breakout Ahead

By April 22nd, 2025

While ETH has struggled to reclaim market dominance, optimism is returning as crypto analyst Incognito has highlighted a classic Wyckoff accumulation pattern forming on Ethereum’s chart.

Exit mobile version