North Korea-backed Lazarus Group linked to $305M DMM Bitcoin hack

North Korean Lazarus Group Suspected in Massive Crypto Heist

A recent hack at Japanese crypto exchange DMM Bitcoin, resulting in the loss of 4,502.9 BTC ($305 million), is allegedly connected to the North Korean Lazarus Group. On-chain analyst ZachXBT suggests similarities in laundering techniques and off-chain indicators point to the notorious group's involvement.

DMM Bitcoin confirmed the unauthorized transfer of Bitcoin from their wallet on May 31, marking one of the largest global exchange hacks in fiat value terms.

Suspected Laundering

Investigator ZachXBT notes that the stolen funds were moved to Huione Guarantee, an online marketplace reportedly used for illicit financial activities in Southeast Asia. The marketplace, linked to Cambodia’s Huione Group, is allegedly associated with criminal organizations.

Elliptic, a blockchain analytics firm, revealed that Huione Guarantee facilitates transactions including money laundering, tech services, and data.

Tether Blacklists Wallet that Transferred $14M From DMM Bitcoin

Tether blacklisted a Tron-based wallet holding 29.6 million USDT connected to Huione, which received $14 million of the hacked funds within three days.

Modus Operandi

ZachXBT draws parallels between the DMM Bitcoin breach and previous Lazarus Group operations, highlighting a sophisticated laundering strategy. The hackers utilized mixers and various blockchain networks to obscure the origin of the stolen BTC, resembling Lazarus Group's signature tactics.

While the evidence suggests Lazarus Group’s involvement, further investigation is needed to conclusively determine the perpetrators and assess the broader implications for crypto security.