TL;DR
- DMM Bitcoin Breach: DMM Bitcoin, a major Japanese exchange, lost $305 million worth of BTC due to an unauthorized leak from its wallet on May 31, 2024, linked to the Huione group.
- Huione Connection: Crypto sleuth ZachXBT links the hackers to Huione Guarantee, an online marketplace in Cambodia. Over $35 million was laundered through Huione, which is part of the Cambodian conglomerate Huione Group.
- Lazarus Group Tactics: The stolen funds were skillfully laundered by moving through mixing services, new addresses, and different blockchain networks. Tether also blacklisted a wallet allegedly linked to Huione.
DMM Bitcoin, a prominent Japanese cryptocurrency exchange, recently suffered a significant security breach, resulting in the loss of approximately $305 million worth of Bitcoin (BTC). The incident, which occurred on May 31, 2024, involved the unauthorized leakage of 4,502.9 BTC from the exchange’s wallet.
3/4 The laundering path for funds transferred to Huione from the DMM Bitcoin hack can be summarized as:
1) Deposit BTC to mixer from the hack
2) Withdraw BTC from mixer
3) Bridge funds from Bitcoin to Ethereum or Avalanche via THORChain, Threshold, Avalanche bridge
4) Swap for…— ZachXBT (@zachxbt) July 14, 2024
The company confirmed that the attack resulted from an “unauthorized leak of Bitcoin from our wallet.” However, the story takes a twist as on-chain sleuth ZachXBT suggests a connection between this heist and the notorious North Korean Lazarus Group.
The Huione Connection
According to crypto sleuth ZachXBT, the hackers behind the $305 million DMM Bitcoin exchange hack in May have laundered more than $35 million through an online marketplace called Huione Guarantee.
This marketplace operates in Cambodia and has been linked to the nation’s “ruling Hun family.” Notably, Huione Guarantee is part of the Cambodian conglomerate Huione Group.
Money Laundering Services
Blockchain analytics firm Elliptic recently revealed that merchants on the Huione marketplace offer a range of services, including “tech, data, and money laundering.” Their transactions have totaled at least $11 billion, making Huione a hotspot for questionable financial activities.
Tether’s Involvement
Stablecoin issuer, Tether has taken action in response to the DMM Bitcoin heist. They blacklisted a Tron-based wallet that held 29.6 million USDT, which was allegedly linked to Huione. This wallet had received around $14 million worth of hacked funds from the DMM Bitcoin breach over three days.
The Lazarus Group Connection
ZachXBT drew parallels between the DMM breach and the Lazarus Group’s previous operations. The sophisticated manner in which the stolen funds were maneuvered across the digital landscape mirrors the signature laundering operations associated with this notorious cybercriminal organization. Here’s how it unfolded:
- Mixing Service: Initially, the stolen Bitcoin was transferred to a mixing service to obscure its origins.
- New Address: The mixed Bitcoin was then moved to a new address.
- Blockchain Networks: Subsequently, the funds were converted from Bitcoin to Ethereum or Avalanche using platforms like THORChain, Threshold, or the Avalanche bridge.
- USDT Exchange: Finally, the laundered Bitcoin was exchanged for USDT and sent to Huione.
In summary, the DMM Bitcoin hack, Huione’s role, and the Lazarus Group’s tactics highlight the ongoing challenges in combating cybercrime within the crypto space. As investigations continue, the crypto community remains vigilant against such threats.
