Lazarus Group allegedly moves stolen funds from $308m DMM Bitcoin hack

Hackers involved in the $308 million heist from the cryptocurrency exchange DMM Bitcoin in May have so far laundered over $35 million through an online marketplace in Cambodia this month, according to blockchain investigator ZachXBT.

ZachXBT reports that the funds were moved to Huione Guarantee, which operates in Cambodia and is allegedly connected to the country’s ruling Hun family, according to a July 10 post by blockchain forensics firm Elliptic.

1/4 So far in July 2024 more than $35M from the $305M DMM Bitcoin hack has been laundered to the online marketplace Huione Guarantee

It is suspected that Lazarus Group is behind the hack due to similarities in laundering techniques and off chain indicators. pic.twitter.com/g1ndlttBll

— ZachXBT (@zachxbt) July 14, 2024

Elliptic also notes that the marketplace has handled $11 billion in crypto from hacks, pig butchering scams, and other illegal activities.

ZachXBT suggests that the Lazarus Group might be responsible for the hack, citing “similarities in laundering techniques” and other “off-chain indicators”.

According to on-chain sleuth, the stolen Bitcoin has been sent to privacy mixers, then withdrawn and transferred to Ethereum or Avalanche through the cross-chain liquidity protocol THORChain.

He explained that the funds are then converted to USDT and sent to Tron before being transferred to Huione.

However, Tether intervened to prevent $28.2 million from being transferred to Huione by blacklisting the Tron wallet address “TNVaK…s4Ug8” on July 12. This address had previously moved about $14 million from the DMM Bitcoin hack over three days, as noted by ZachXBT.

ZachXBT has also published 538 wallet addresses linked to the Lazarus Group, Huione, and other parties involved in the DMM Bitcoin hack.

The Japan-based DMM Bitcoin was robbed of $308 million in Bitcoin due to a critical security flaw that was exploited, allowing unauthorized access to DMM Bitcoin’s servers and resulting in a significant leak of Bitcoin on May 30.

Elliptic claims that Huione Guarantee has become a significant center for scam operations in Southeast Asia. It is reported that the company functions as a deposit and escrow service for peer-to-peer transactions on Telegram, predominantly using Tether’s USDT stablecoin, which makes it attractive for scammers and launderers.

Moreover, the blockchain analysis firm has alleged that Huione Guarantee has ties to Cambodia’s ruling family, including Prime Minister Hun Manet.

In reaction to the findings, law enforcement, and blockchain analysts have begun efforts to disrupt Huione’s operations by monitoring crypto transactions and identifying wallets associated with the platform.