ZachXBT has uncovered a money laundering operation allegedly tied to the Lazarus Group, a notorious North Korean hacking group. The group is suspected of being behind the May 2024 hack of Japanese cryptocurrency exchange DMM Bitcoin, in which a staggering $305 million in Bitcoin was stolen.
According to ZachXBT, over $35 million of the stolen funds have been moved this month to Huione Guarantee, an online marketplace operating in Cambodia. Blockchain forensics firm Elliptic linked Huione Guarantee to Cambodia’s ruling family and reported that the marketplace has facilitated over $11 billion in transactions from hacks, scams, and other illicit activities.
The laundering process appears to involve multiple steps. The hackers first convert the stolen Bitcoin to anonymous tokens using privacy-mixing services. These tokens are then swapped for other cryptocurrencies like Ethereum or Avalanche. Finally, the funds are converted into Tether (USDT), a stablecoin pegged to the US dollar, and transferred to Huione Guarantee.
However, efforts are underway to thwart these attempts. Tether, the issuer of USDT, blacklisted a Tron wallet address associated with the Lazarus Group on July 12th, preventing the group from transferring an additional $28.2 million to Huione.
ZachXBT also shared a list of 538 wallet addresses believed to be linked to the Lazarus Group, Huione Guarantee, and others involved in the DMM Bitcoin hack. This information is valuable for investigators and exchanges tracking the movement of stolen funds.
This incident highlights the evolving tactics of cybercriminals and the challenges of countering them. While law enforcement and blockchain firms collaborate to disrupt these operations, the Lazarus Group’s laundering activities demonstrate the need for continued vigilance in the cryptocurrency space.