View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 18, 2023

Cryptocurrency exchanges freeze accounts of North Korean hacking gang Lazarus

The notorious group was trying to launder money stolen in the Harmony Bridge hack last year.

By Claudia Glover

Coin exchanges Binance and Huobi have frozen cryptocurrency accounts they believe belong to notorious North Korean hacking gang Lazarus, preventing the gang from extracting $2.6m in Bitcoin and Ethereum.

Lazarus prevented from laundering over $60m in Bitcoin by coin exchanges (Photo by Astrelok/Shutterstock)

The money was stolen from the Harmony crypto bridge in June of last year and was apparently being moved through various decentralised systems, before the behaviour was noticed by Binance and Huobi and stopped.

Big freeze hits Lazarus crypto accounts

Lazarus was spotted moving $63.5m in Ethereum on Sunday. The group used an anonymising crypto tool called Railgun, which adds privacy protection to transactions.

The consolidated funds were then moved from Railgun and deposited into three different exchanges, which is where the strange activity was picked up. The Binance exchange was the first to freeze the Lazarus accounts. 

Binance CEO Changpeng Zhao tweeted: “We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts.”

The hackers tried a different avenue once Binance proved ineffective, but were also foiled by Huobi, with the help of Binance. Together the two coin exchanges managed to prevent 124 stolen Bitcoin from falling into the hands of the North Korean government. This is just over $2.6m at the time of writing. 

Lazarus wants to profit from Harmony Bridge breach

The Harmony Bridge attack in June saw $100m in cryptocurrencies stolen. Coin bridges are used to connect different blockchains to exchange cryptocurrencies between them. They are a lucrative target as they typically house large amounts of currency and can have weak security. 

Because cryptocurrency transactions are recorded publicly on the blockchain, large transactions, particularly those involving looted cryptocurrencies, draw attention and can be stopped. For example, this happened in February 2022 when two cybercriminals Heather Morgan and Ilya Lichtenstein were caught trying to launder 119,754 Bitcoin , worth about $3.6bn, from a heist they had taken part in against the Hong Kong coin exchange Bitfinex in 2016. 

Crypto consultancy Elliptic quickly pinpointed Lazarus as the gang behind the Harmony Bridge breach. It said Lazarus has “perpetrated several large cryptocurrency thefts totalling over $2bn, and has recently turned its attention to DeFi [decentralized finance] services such as cross-chain bridges.”

It is not uncommon for North Korean state backed hacking groups to perpetrate highly lucrative hacks as the country is subject to heavy sanctions due to its agressive geopolitical stance. 

“North Korea has called its cyber-capability an ‘all-purpose sword,’” Min Chao Choy, a data correspondent at NK News, said in a previous interview with Tech Monitor. “You really see that in the way that they use it. They use it for espionage, on a political level but also for industrial espionage. They use it for funds. They use it to threaten North Korean defectors living in South Korea. And I’m sure they have a lot more destructive capabilities that they haven’t displayed yet.”

Read more: Will DAOs survive the crypto winter?

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.