North Korea’s Lazarus Group Moves Funds Tied To $100 Million Harmony Bridge Hack 14

North Korea’s Lazarus Group Moves Funds Tied To $100 Million Harmony Bridge Hack

  • The Lazarus Group has moved more than $63 million associated with last year’s hack on Harmony bridge. 
  • The funds were deposited to three different exchanges including Binance. 
  • Binance and Huobi have managed to freeze a portion of the funds and recover 124 BTC.
  • The Lazarus Group was involved in several DeFi exploits last year. 

The Lazarus Group, the notorious hacking outfit based in North Korea, transferred millions of dollars to multiple crypto exchanges over the past weekend. According to an update from popular blockchain investigator ZachXBT, the hacker group moved 41,000 ETH worth more than $63 million from the Harmony bridge hack to three crypto exchanges, namely Binance, Huobi, and OKX. 

Lazarus Group’s funds frozen by Binance

The North Korean hacker group used Railgun before depositing the exploited funds on the crypto exchanges. Railgun is a privacy platform built on Ethereum which is used for anonymity while making crypto transactions. The crypto sleuth revealed a list of 350 wallet addresses associated with the hackers. 

Binance CEO Changpeng Zhao took to Twitter to acknowledge the movement of the funds associated with last year’s hack on the Harmony Bridge which saw the Lazarus Group making away with $100 million worth of crypto. Zhao revealed that his company had coordinated with fellow crypto exchange Huobi to freeze the accounts linked to the hackers. Both exchanges were able to recover 124 BTC. 


We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts.”

Zhao tweeted

The Lazarus Group was also linked to the largest hack in decentralized finance’s history i.e. the $635 million Ronin Bridge hack in March 2022. The group has been connected with Bitcoin thefts worth a whopping $2 billion. According to antivirus giant Kaspersky, the group’s latest scheme to attack the crypto market involves impersonating a venture capitalist looking to invest in crypto startups.