North Korean Lazarus Group Moves 41,000 Ether From Harmony Hack

The notorious North Korean hacker collective known as Lazarus has had a busy weekend moving millions of dollars in Ethereum. The Lazarus Group has been moving its spoils from the Harmony Bridge hack this weekend.

On Jan. 16, blockchain sniffer dog “ZachXBT” released details of a number of Ethereum movements. Crypto assets come from anonymity service Tornado Cash and go through Railgun. ZachXBT listed more than 350 addresses related to the attackers. Railgun is a smart contract privacy platform that uses zero-knowledge proofs to obfuscate transactions.

According to analysts who tracked the movement across more than 350 addresses, about 41,000 ETH worth about $63.5 million was sent via Railgun and then deposited on three different exchanges.

Lazarus Group and the Harmony Hack

The Lazarus Group, a North Korean hacking group believed to be backed by dictator Kim Jong Un’s regime, may be behind last year’s Harmony Bridge hack, according to an analysis by blockchain research firm Elliptic.

On the morning of June 24, the attack siphoned $100 million worth of crypto assets including Ether (ETH), Tether (USDT) and Wrapped Bitcoin (wBTC), a service that facilitates crypto asset trading on the Harmony blockchain enables blockchains.

The Harmony Bridge hack is consistent with other hacks attributed to the Lazarus Group, including March’s $635 million Ronin Bridge hack, the largest hack in decentralized finance (DeFi) history to date.

Meanwhile, Binance founder Changpeng Zhao wrote on Monday that addresses linked to the hacker transferred the stolen stash to cryptocurrency exchange Huobi, which blocked the transfer and froze the account. More than 124 bitcoins have been recovered, Zhao said.