On-chain analysts spotted massive transactions from wallets associated with the North Korean hackers who, in June of last year, stole about $100 million worth of bitcoin from Horizon.
Horizon connects the Ethereum blockchain to the Harmony blockchain. The money was dispersed across several wallets and laundered using Tornado Cash, a prominent cryptocurrency mixer at the time.
Two blockchain forensics firms, Elliptic and Chainalysis, established a connection between the Harmony hackers and Lazarus, a notorious hacking group with ties to the North Korean government. Over 200 days after the theft, the hackers tried to conceal their tracks by laundering a significant sum of the loot.
Anonymous crypto transaction investigator ZachXBT and security firm SlowMist were the first to notice that something was off with the hackers’ wallets. According to ZachXBT, who analyzed on-chain data and discovered the suspicious transactions, the hackers distributed about $63.5 million worth of ether (around 41,000 ETH) among more than 350 different addresses over the course of the previous several days.
On January 13, the cybercriminals started moving the funds to Railgun, a decentralized cryptocurrency exchange built directly on the Ethereum blockchain that serves as a mixer and makes transactions hard to track.
ZachXBT found that, immediately after Railgun, the funds were moved to three other exchanges: Huobi, Binance, and OKX. This was likely an attempt to convert the assets into fiat cash.