North Korean Hackers Attempt To Launder $27 Million In ETH From The Harmony Bridge Attack

Six exchanges received 17,278 Ether from three major addresses, which enabled them to at least partially freeze the stolen funds.

The hackers of the Harmony bridge attack in North Korea are still attempting to recover the funds they stole in June. On-chain data publicly disclosed on Jan. 28 by blockchain investigator ZachXBT stated that the attackers moved 17,278 Ether worth around $27 million over the course of the weekend.

Without revealing which platforms had received the tokens, ZachXBT stated in a Twitter thread that the tokens had been sent to six different cryptocurrency exchanges. The transactions were executed by three major addresses.

You May AlsoLike

March 2025 Polymarket Bets Boom for Bitcoin, XRP, ETH, AI, and DOGE – The Future of Cryptocurrency Trading!

March 1, 2025

3 Essential Insights from Recent Developer Call on Ethereum’s Pectra Upgrade

March 1, 2025

According to ZachXBT, a part of the stolen funds were blocked once the exchanges were informed about the fund transfers.

The hackers took similar steps to launder money on Jan. 13, when over $60 million was laundered, according to the crypto detective.

Who’s active rn?

DPRK just finished laundering another $17.7m+ (11304 ETH) from the Harmony Bridge hack.

S/o to the exchanges who responded quickly on a weekend so funds could be frozen. pic.twitter.com/sUyUScHR4N

— ZachXBT (@zachxbt) January 29, 2023

The funds were transferred a short while after the Federal Bureau of Investigation (FBI) confirmed that Lazarus Group and APT38 were the hackers responsible for the $100 million hack.

The Lazarus Group and APT38, cyber actors linked to the DPRK (North Korea), are accountable for the theft of $100 million in virtual currency from Harmony’s Horizon bridge, according to a statement from the FBI.

The Horizon Bridge of Harmony works as an intermediary between Harmony and the Ethereum network, the Binance Chain, and Bitcoin. On June 23, a number of tokens from the network valued at roughly $100 million were stolen.

Following the exploit, the Tornado Cash mixer processed 85,700 Ether, which was then deposited at various addresses. The hackers began transferring about $60 million of the stolen money via the Ethereum-based privacy protocol RAILGUN on January 13.

350 addresses have been linked to the attack through numerous exchanges in an attempt to dodge identification, according to research by the cryptocurrency tracking tool MistTrack.

Lazarus is a famous hacking group that has been linked to several significant hacks in the crypto industry, notably the $600 million Ronin Bridge hack from last March.