ZachXBT has raised suspicions that the $305 million hack of DMM Bitcoin, a Japanese crypto exchange, may be linked to the Lazarus Group, a notorious group with ties to North Korea. The on-chain investigator noticed that the way the stolen funds were being moved around resembles the typical operations of Lazarus.
According to ZachXBT, over $35 million of the stolen funds were sent to an online marketplace called Huione Guarantee in July. This raised red flags for Tether, the stablecoin issuer, which promptly blocked a Tron-based wallet holding 29.6 million USDT. The wallet in question, connected to Huione, had received approximately $14 million from the DMM Bitcoin hack in just three days.
The hackers behind the attack employed a sophisticated method to conceal the stolen money. They mixed the Bitcoin, transferred it across various blockchain networks, and converted it into different types of digital coins. This modus operandi closely resembles past activities of the Lazarus Group.
Although Tether has the ability to block USDT, the hackers converted the stolen Bitcoin into USDT. ZachXBT explained that this was likely done to facilitate the sale of the stolen assets through small over-the-counter services that exclusively accept USDT. This incident sheds light on the growing popularity of Huione Guarantee as a platform for hackers to launder cryptocurrencies.
A recent report by Elliptic Research revealed that Huione has processed at least $11 billion in crypto transactions over the last three years, with a significant portion of it linked to illicit activities. This underscores the need for increased vigilance and security measures within the cryptocurrency ecosystem.
The suspected involvement of the Lazarus Group in the DMM Bitcoin hack serves as a stark reminder of the persistent threat posed by cybercriminals in the digital asset space. As investigations continue into this high-profile breach, industry stakeholders are urged to remain vigilant and implement robust security protocols to safeguard against future attacks.