DMM Bitcoin Hack Linked to North Korean Lazarus Group

July 15, 2024

The recent hack of Japanese crypto exchange DMM Bitcoin, which resulted in the theft of 4,502.9 BTC (approximately $305 million), is reportedly connected to the notorious North Korean cybercriminal organization, the Lazarus Group. On-chain analyst ZachXBT has highlighted striking similarities between the laundering techniques employed in this heist and those typically associated with Lazarus.

A Major Security Breach

On May 31, DMM Bitcoin confirmed that the attack involved an “unauthorized leak of Bitcoin from our wallet,” marking one of the largest hacks in cryptocurrency history. The scale of the breach underscores the increasing sophistication of cyberattacks targeting crypto exchanges.

Connections to Illicit Activities

ZachXBT’s investigation indicates that after the hack, the stolen funds were transferred to an online marketplace known as Huione Guarantee, which has become a major hub for illicit financial activities in Southeast Asia. In a July transaction, the hackers sent the $305 million in stolen funds to Huione, a platform reportedly favored by criminal organizations, including those engaged in "pig butchering" scams.

According to blockchain analytics firm Elliptic, transactions on Huione Guarantee have exceeded $11 billion, encompassing services related to technology, data, and money laundering.

Tether’s Response

In response to the hack, stablecoin issuer Tether has blacklisted a Tron-based wallet that received $14 million worth of the stolen funds within a three-day period. The wallet, which has a balance of 29.6 million USDT, is believed to have links to Huione.

Signature Tactics of Lazarus Group

ZachXBT drew parallels between the DMM Bitcoin breach and previous operations attributed to the Lazarus Group. The analysis revealed a multi-step strategy employed by the suspected North Korean hackers to move the stolen funds across various digital platforms: depositing the stolen bitcoin into a mixer, withdrawing it, and subsequently bridging the funds across different blockchain networks before converting them to other cryptocurrencies.

Such intricate laundering techniques are characteristic of the Lazarus Group's modus operandi, further solidifying the connection between the group and the DMM Bitcoin hack.

Conclusion

The DMM Bitcoin hack not only highlights the vulnerabilities within the cryptocurrency exchange sector but also emphasizes the ongoing threat posed by state-sponsored hacking groups like Lazarus. As investigations continue, the crypto community remains on high alert for similar breaches and the evolving tactics of cybercriminals.