Crypto exchanges freeze accounts tied to North Korea’s notorious Lazarus Group
Well whaddya know, the crypto ecosystem did the right thing by stiffing the WannaCry bandits
Two cryptocurrency exchanges have frozen accounts identified as having been used by North Korea’s notorious Lazarus Group.
This story starts with a crypto researcher who goes by “ZachXBT” and who, late last week, spotted an entity called “Lazarus Group” moving 41,000 ETH “from the Harmony Bridge hack through Railgun on Jan 13-14 2023 before depositing funds on three exchanges.”
1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges. pic.twitter.com/huDumaJeSh
— ZachXBT (@zachxbt) January 15, 2023
The Harmony bridge was a crypto-transfer service that was attacked in June 2022, with around $100m of crypto lost as a result of the attack.
Analysts quickly identified Lazarus Group as the sort of entity that could be interested in attacking Harmony.
Lazarus Group is suspected of being a cybercrime crew run by the government of North Korea and is infamous for the WannaCry ransomware, attacking Sony Pictures, and stealing secrets from energy companies.
It later moved on to crypto heists and has been fingered for the theft of $620 million of crypto from game developer Sky Mavis, publisher of a crypto-centric game named Axie Infinity.
North Korea steals crypto because sanctions make it hard for the rogue nation to access fiat currencies. The nation’s murderous regime conducts wholesale human rights abuses of its citizenry but needs funds to pursue the conventional missile and nuclear weapons programs that help to keep its rulers in power by making the cost of seeking regime change unacceptable to nations that oppose its violent autocracy.
The US State Department does, however, offer a $10 million reward for information on North Korea’s state-sponsored hacking in the hope of more effectively combating North Korea’s cybercrime program.
While cryptocurrency enthusiasts wax lyrical about the anonymity the tokens offer, the reality is it’s possible to track their movement. The likes of Lazarus Group therefore leave signs of their passing as they attempt to move stolen cryptocoin.
Those attempts were spotted by ZachXBT and also noticed by crypto exchange Binance which froze accounts allegedly involved in Lazarus Group’s efforts.
We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi #SAFU! 🙏
— CZ 🔶 Binance (@cz_binance) January 16, 2023
The “Huobi” referred to in the Tweet above is another crypto exchange and it, too, acted to prevent Lazarus Group resurrecting the proceeds of the Harmony heist for use by the North Korean regime.
The accounts frozen by Binance and Huobi amounted to 124 BTC, or $2.6 million at the time of writing.
That’s a decent chunk of change to deny North Korea’s regime. And perhaps a feather in the cap for the crypto community as it battles its ongoing infosec, regulatory, fraud, and existential woes. ®