Going On The Offensive Against North Korean Hacker Groups

TL;DR:

  • Cryptocurrency exchanges Binance and Huobi have frozen accounts linked to the notorious Lazarus Group operating out of North Korea, which attempted to anonymize the stolen funds by using different privacy mixers.
  • Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the group, which has stolen well over $2 billion in crypto since it shifted its focus to the industry in 2017.
  • Blockchain analytics firm Elliptic passed on the intelligence to Binance and Huobi, which acted promptly to freeze the accounts, showing that the industry is taking on the responsibility to prevent money laundering and stop crypto from becoming a “haven” for illicit activity.

Attacks from the North

North Korean hackers have been linked to numerous cyberattacks and thefts over the years, and the rise of cryptocurrency has given them a new avenue to exploit. The Lazarus Group, a North Korean-based hacker outfit, has been particularly active in this area, with estimates from blockchain analytics firm Elliptic suggesting that it has stolen well over $2 billion in crypto since it shifted its focus to the industry in 2017.

Binance and Huobi go on offense

The latest news is that cryptocurrency exchanges Binance and Huobi have frozen accounts linked to the group, which attempted to anonymize the stolen funds by using different privacy mixers. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the Lazarus Group, according to a report shared by Elliptic.

The investigation was carried out by Elliptic, which passed the intelligence to Binance and Huobi; both exchanges acted promptly to freeze the accounts. The stolen funds had remained dormant until recently, when Elliptic investigators began to see them funneled through complex chains of transactions toward exchanges. Because the platforms were notified as soon as the illicit deposits landed, they were able to suspend the accounts and freeze the funds before they could be withdrawn.

Harmony Bridge

The Harmony bridge attack in June 2022 was attributed to the Lazarus Group by the United States Federal Bureau of Investigation on Jan. 24, 2023. Since the attack, it has been well documented that the group resorted to the now OFAC-sanctioned privacy mixer Tornado Cash in an attempt to break the transaction trail back to the original theft. While mixing is meant to make it easier to cash out funds at an exchange, Elliptic investigators were able to trace the entirety of the stolen funds sent through the mixer in this case, the report stated.
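The two paragraphs above describe funds being followed through chains of transactions to exchange deposit addresses, and the deposits then being flagged for a freeze. The page does not say how Elliptic's tracing works, and the following is an added illustration, not Elliptic's code or methodology: a toy transaction graph with two tracing strategies, an "any-touch" reachability pass that over-approximates, and a pro-rata taint pass that carries only the tainted fraction across each hop. The ledger, addresses, amounts and exchange labels are constructed for the example, and the assumption that senders with no recorded inflow are clean funding sources is a simplification.

```python
"""Toy on-chain taint tracing (added example, not Elliptic's code).

The ledger is a constructed, chronological list of transfers
(txid, sender, receiver, amount). All addresses and amounts are
hypothetical. A mixer would break this naive graph tracing, which is
exactly why mixers get used; this only shows the follow-the-funds and
flag-on-deposit logic on an unmixed trail.
"""
from collections import defaultdict, deque

# Constructed sample ledger: a theft address fans out through hops, one hop
# receives clean funds as well, and everything lands at exchange deposits.
LEDGER = [
    ("t1", "hacker_a", "hop1", 100.0),
    ("t2", "hop1", "hop2", 60.0),
    ("t3", "hop1", "hop3", 40.0),
    ("t4", "clean_user", "hop2", 40.0),       # clean funds commingled at hop2
    ("t5", "hop2", "exchange_deposit_1", 100.0),
    ("t6", "hop3", "exchange_deposit_2", 40.0),
    ("t7", "clean_user2", "exchange_deposit_3", 25.0),
]

SEEDS = {"hacker_a"}                          # known theft address(es), assumed
EXCHANGE_DEPOSITS = {"exchange_deposit_1", "exchange_deposit_2", "exchange_deposit_3"}


def reachable_addresses(ledger, seeds):
    """Any-touch taint: every address reachable from a seed by following
    outgoing transfers, ignoring amounts. Simple, but it over-approximates:
    an address that received one tainted satoshi is flagged like the thief."""
    out = defaultdict(list)
    for _, src, dst, _ in ledger:
        out[src].append(dst)
    seen = set(seeds)
    queue = deque(seeds)
    while queue:
        addr = queue.popleft()
        for nxt in out[addr]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def proportional_taint(ledger, seeds):
    """Pro-rata taint: each transfer carries the sender's current tainted
    fraction of balance. Returns {address: (tainted_balance, total_balance)}.
    Assumptions: the ledger is chronological; seeds are 100% tainted; a
    sender with no recorded inflow (and not a seed) is a clean source."""
    tainted = defaultdict(float)
    total = defaultdict(float)
    for _, src, dst, amount in ledger:
        if src in seeds:
            frac = 1.0
        elif total[src] > 0:
            frac = tainted[src] / total[src]
        else:
            frac = 0.0
        moved_tainted = amount * frac
        if src not in seeds:
            # debit the sender, never below zero if the ledger is incomplete
            total[src] -= min(amount, total[src])
            tainted[src] -= min(moved_tainted, tainted[src])
        tainted[dst] += moved_tainted
        total[dst] += amount
    return {a: (tainted[a], total[a]) for a in total}


def flag_deposits(ledger, seeds, deposit_addresses, min_tainted=0.0):
    """Exchange deposit addresses whose pro-rata tainted balance exceeds
    min_tainted. Returns {address: tainted_amount}; these are the deposits
    an exchange would be asked to freeze."""
    balances = proportional_taint(ledger, seeds)
    return {addr: tainted for addr, (tainted, _) in balances.items()
            if addr in deposit_addresses and tainted > min_tainted}


if __name__ == "__main__":
    print("any-touch:", sorted(reachable_addresses(LEDGER, SEEDS)))
    print("pro-rata flagged:", flag_deposits(LEDGER, SEEDS, EXCHANGE_DEPOSITS))
```

On the constructed ledger the any-touch pass flags both tainted deposits and would treat all 100 units at exchange_deposit_1 as stolen, while the pro-rata pass attributes only 60 of them to the theft and 40 to the commingled clean user; the gap between the two is the practical reason compliance teams prefer proportional attribution before asking an exchange to freeze a customer's funds.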

Freeze

In addition to the recent freezes, Binance and Huobi managed to freeze and recover 121 Bitcoin, worth $2.5 million at the time, linked to the Harmony attack. The recovery was, however, only a fraction of the $63.5 million laundered over that weekend, according to crypto sleuth ZachXBT, who claims the funds were funneled through Ethereum-based privacy protocol Railgun before being sent off to three different exchanges.

Recent efforts from Elliptic last week also found that Lazarus Group has laundered about $100 million in Bitcoin through “Sinbad,” which they claim is a re-launch of the now OFAC-sanctioned privacy mixer Blender.

The recent actions by Binance and Huobi show that the industry is taking on the responsibility to prevent money laundering and stop crypto from becoming a “haven” for illicit activity. Elliptic CEO Simone Maini said the industry has both the power and the responsibility to prevent digital assets from becoming a haven for money launderers and sanctions evaders, and to ensure that they are a force for good.

Concluding thoughts

North Korean crypto hackers remain a significant threat to the cryptocurrency industry. However, the actions of Binance and Huobi, in cooperation with blockchain analytics firm Elliptic, have demonstrated that there are ways to prevent these hackers from cashing out their stolen funds.

As the cryptocurrency industry continues to grow and mature, it will become increasingly important for exchanges and other actors to develop more robust security measures to prevent cyberattacks and other illicit activities. The use of advanced analytics tools and other technologies will be critical in this regard, as will the continued cooperation and collaboration between firms in the industry.

While the actions taken by Binance and Huobi are a positive step forward, it is clear that more needs to be done to prevent such attacks from happening in the first place. The industry must remain vigilant and proactive in identifying and preventing illicit activities and work to develop more secure and resilient systems and infrastructure to protect against these threats.

Thanks for reading Solanews, remember to follow our social media channels for more
