Suspected DMM Bitcoin hackers move 500 BTC to new addresses

A crypto address linked to the $305 million DMM Bitcoin hack in May reportedly carried 500 Bitcoins worth an estimated $30.4 million.

According to PeckShield Alert, the suspicious address initially moved Bitcoin (BTC) to two addresses that each received around 250 BTC.

The funds are suspected to be part of the 4,502.9 BTC stolen from Japanese crypto exchange DMM Bitcoin in May. At the time, the money was worth around $305 million, but at current exchange rates it would be worth just over $274 million. Shortly after the attack, DMM Bitcoin raised $320 million, which it used to compensate victims of the attack.

Blockchain researcher ZachXBT previously blamed the DMM Bitcoin attack on the notorious hackers Lazarus Group, which has ties to the Democratic People’s Republic of Korea. The on-chain analyst said the techniques used to launder the stolen crypto, along with several other off-chain indicators, pointed to the Lazarus group as the culprit.

Shortly after the attack, the attackers reportedly split the stolen Bitcoin into smaller groups of 500 BTC and moved them to new wallets. The funds identified by Peckshield are from one of these wallets and are the last to be moved since the May 31 attack.

In July, ZachXBT alleged that attackers transferred around $35 million worth of Bitcoin to Cambodia-based exchange Huione Guarantee, which was recently accused of facilitating the laundering of funds from crypto attacks, pig slaughtering scams, and other crypto exploits.

4/4 Huione has become a major hub for illicit money in Southeast Asia and is used primarily by criminal organisations such as pig slaughtering gangs.

According to a recent report by blockchain analytics firm Elliptic, traders on the platform have made more than $11 billion in profits… https://t.co/n4E0rorhv9 picture.twitter.com/DJkweWYJPm

— ZachXBT (@zachxbt) July 14, 2024

As crypto news reported in July, Tether froze a Tron wallet believed to belong to Huione, seizing more than $28 million worth of USDT believed to be criminal proceeds.

According to the crypto detective, DMM Bitcoin attackers usually move the stolen cryptocurrencies to privacy mixers and then bridge them to Ethereum (ETH) and Avalanche (AVAX) using THORChain. The thieves then convert the funds to Tether (USDT), shift them to Tron (TRX), and finally deposit them to Huione.