Lazarus Group allegedly moves stolen funds from $308m DMM Bitcoin hack

Hackers involved in the $308 million heist from cryptocurrency exchange DMM Bitcoin in May have laundered more than $35 million through an online marketplace in Cambodia so far this month, according to blockchain researcher ZachXBT.

ZachXBT reported that, according to a July 10 post by blockchain forensics firm Elliptic, the funds were transferred to Huione Guarantee, a Cambodian-based organization with alleged ties to the country’s ruling Hun family.

More than $35 million from the $305 million DMM Bitcoin hack so far on July 1/4, 2024 has been laundered to online marketplace Huione Guarantee

Lazarus Group is suspected to be behind the attack due to similarities in money laundering techniques and off-chain indicators. pic.twitter.com/g1ndlttBll

— ZachXBT (@zachxbt) July 14, 2024

Elliptic also states that the marketplace manages $11 billion worth of cryptocurrency gained from hacks, pig slaughter scams, and other illegal activities.

ZachXBT suggested that Lazarus Group may be responsible for the attack, noting “similarities in laundering techniques” and other “off-chain indicators.”

According to the on-chain detective, the stolen Bitcoin was sent to privacy mixers, then withdrawn and transferred to Ethereum or Avalanche via cross-chain liquidity protocol THORChain.

He later explained that the funds were converted into USDT and sent to Tron, which was then transferred to Huione.

However, Tether intervened to prevent the transfer of $28.2 million to Huione by blacklisting the Tron wallet address “TNVaK…s4Ug8” on July 12. As ZachXBT noted, this address had previously moved around $14 million in three days from the DMM Bitcoin hack.

ZachXBT also published 538 wallet addresses belonging to Lazarus Group, Huione, and other parties involved in the DMM Bitcoin attack.

Japan-based DMM Bitcoin stole $308 million worth of Bitcoin due to a critical security vulnerability. The vulnerability allowed unauthorized access to DMM Bitcoin’s servers, leading to a significant Bitcoin leak on May 30.

Elliptic claims that Huione Guarantee has become a major hub for fraudulent operations in Southeast Asia. The company reportedly functions as a deposit and escrow service for peer-to-peer transactions on Telegram, mostly using Tether’s USDT stablecoin, making it attractive to scammers and money launderers.

Additionally, the blockchain analysis firm alleged that Huione Guarantee has connections to Cambodia’s ruling family, including Prime Minister Hun Manet.

Following the findings, law enforcement and blockchain analysts began working to disrupt Huione’s operations by monitoring crypto transactions and identifying wallets associated with the platform.