The $305 million exploit of Japanese crypto exchange DMM Bitcoin has raised suspicions that the notorious Lazarus Group may be behind the hack. On-chain investigator ZachXBT noted similarities in laundering the stolen funds with the state-sponsored group’s techniques, leading to speculation about their involvement. The hackers moved over $35 million of the stolen funds to the online marketplace Huione Guarantee, attracting the attention of stablecoin issuer Tether, which blacklisted a Tron-based wallet connected to Huione. The laundering pattern involving chain hopping and mixers is reminiscent of how Lazarus operates, further fueling suspicions of their involvement in the DMM Bitcoin hack.
Huione Guarantee has emerged as a preferred platform for bad actors looking to move illicit funds in the crypto space. An investigation by blockchain security company Elliptic Research revealed that the platform, part of the Cambodian Huioine Group, has facilitated at least $11 billion in transactions over the last three years. Although not all transactions on the platform are fraudulent, the majority are linked to illicit activities, with USDT being the preferred cryptocurrency. The platform offers services such as money laundering, malicious technology and software development, and other scam-enabling activities, making it a hotspot for criminal operations in Southeast Asia.
The hackers behind the DMM Bitcoin hack utilized a sophisticated system involving mixing stolen BTC, bridging to smart contract blockchains like Avalanche and Ethereum, and ultimately swapping for Tether USDT on the Tron network. This pattern of laundering stolen funds mirrors Lazarus Group’s tactics, raising concerns about their potential involvement in the hack. The decision to cash out stolen assets through small OTCs that only accept USDT may seem counterintuitive given Tether’s ability to blacklist USDT, but the hackers have little choice in the matter. The similarities in laundering techniques and off-chain indicators suggest a strong connection between the Lazarus Group and the DMM Bitcoin hack, pointing to a sophisticated and well-organized cybercrime operation.
The ongoing investigation into the DMM Bitcoin hack and the involvement of the Lazarus Group highlights the need for increased cybersecurity measures in the crypto space. With platforms like Huione Guarantee facilitating billions in illicit transactions, regulators and law enforcement agencies must step up efforts to combat cybercrime and protect investors. The prevalence of scam operators and other bad actors using platforms like Huione underscores the importance of conducting thorough due diligence and implementing robust security protocols to safeguard against hacks and fraudulent activities. As the crypto market continues to evolve, proactive measures are essential to mitigate risks and ensure the safety of participants in the digital asset ecosystem.
In conclusion, the suspected involvement of the Lazarus Group in the DMM Bitcoin hack underscores the pervasive threat of cybercrime in the crypto space. The sophisticated laundering techniques employed by the hackers highlight the need for enhanced security measures to prevent future breaches and protect investors. Platforms like Huione Guarantee serve as hotspots for criminal activities, necessitating increased oversight and enforcement actions to curb illicit transactions. As the crypto market matures, collaboration between industry stakeholders, regulators, and law enforcement agencies will be crucial in combating cyber threats and ensuring a safe and secure environment for all participants. By remaining vigilant and proactive in addressing cybersecurity challenges, the crypto community can foster trust and confidence in digital asset investments.
