DMM Bitcoin hackers launder funds via the notorious Huione Guarantee marketplace


Attackers behind the hack of Japanese crypto exchange DMM Bitcoin have started laundering the funds. The hack in May resulted in a loss of approximately $305 million in crypto assets.

On-chain investigator ZachXBT, citing data from blockchain forensics firm Elliptic, highlighted that over $35 million had been laundered via Huione Guarantee.

Was North Korea’s Lazarus involved?

The Cambodia-based marketplace hosts merchants providing technology, data, and money laundering services. To date, the platform has facilitated at least $11 billion in illicit transactions, according to Elliptic.

Interestingly, the marketplace has been linked to the Cambodian ruling family. Now, ZachXBT suspects that the North Korea-backed “Lazarus Group” is behind the DMM Bitcoin hack and has transferred a portion of the stolen funds to wallets linked to Huione.

The investigator based his suspicion on similarities in “laundering techniques and off chain indicators.”

Allegedly, the hackers have been leveraging privacy mixers to launder the stolen Bitcoin. Funds from the mixer were subsequently sent to Ethereum or Avalanche via the cross-chain liquidity protocol THORChain.

The attackers then converted these funds into USDT and bridged them to Tron via SWFT, ultimately transferring them to the Huione-linked wallet.

Stablecoin issuer Tether managed to block a transaction valued at $28.2 million directed towards the marketplace by blacklisting a Tron wallet address. 

According to ZachXBT, this wallet, identified as “TNVaK,” received $14 million from the DMM Bitcoin hack in three days.

The investigator has also disclosed 538 wallet addresses linked to Lazarus Group, Huione, and other entities involved in the DMM Bitcoin hack. The wallets span multiple chains, including Bitcoin, Tron, Ethereum, Avalanche, and BSC.

History of the DMM Bitcoin hack

On May 29, DMM Bitcoin noticed unauthorized outflows of 4,502.9 BTC, resulting in the exchange suspending operations. The exploit was the result of an alleged attack on its servers.

While the exchange hasn’t disclosed the exact details of the attack, it suspected that private keys for its wallets were also leaked. The exchange vowed to compensate users by raising funds via its group of companies.

A week after the attack, the exchange raised $320 million via its parent firm DMM.com. The firm was also mandated by Japan’s Financial Services Agency to provide a detailed report of the compensation plan.

Besides DMM Bitcoin, the Japanese crypto sector has witnessed multiple attacks on platforms operating in the region. Liquid, a leading crypto platform in the region, lost $80m worth of crypto in an attack in August 2021. Prior to that, Bitpoint, another Japanese exchange, lost ¥3.5bn worth of cryptocurrencies from its hot wallets, worth $32 million at the time.

The post DMM Bitcoin hackers launder funds via the notorious Huione Guarantee marketplace appeared first on Invezz
