Suspected North Korean hackers move $63.5 million in ether stolen from Horizon bridge

Quick Take

  • The hackers of the Horizon bridge moved 41,000 ETH ($63.5 million) over the weekend, on-chain analysts detected. 
  • The funds were routed to a privacy exchange called Railgun and moved to three centralized exchanges.
  • Binance froze $2.6 million of the stolen funds.

Over the weekend, on-chain analysts detected large movements from wallets tied to suspected North Korean hackers that stole about $100 million in crypto from Horizon in June last year. 

Horizon is a bridge that connects Ethereum to the Harmony blockchain. At the time, the money was laundered via Tornado Cash, a popular crypto mixer, and spread among many wallets. Blockchain forensic firms Elliptic and Chainalysis traced the Harmony hackers to Lazarus — a well-known North Korean hacking group associated with the country's regime. 

Over 200 days later, the hackers attempted to launder a large portion of the stolen funds, yet again trying to evade getting caught.

ZachXBT, a pseudonymous on-chain sleuth for cryptocurrency transactions, and security firm SlowMist were the first to detect suspicious activity involving wallets associated with the hackers.

The hackers transferred 41,000 ETH ($63.5 million) through over 350 different addresses in the past few days, said ZachXBT, who aggregated on-chain data and identified these suspicious transactions.

On Jan. 13, hackers started moving these funds to Railgun, a privacy-focused exchange built directly on the Ethereum blockchain that acts as a mixer, making transactions hard to trace. Such protocols can often be fallible, especially when there are large amounts of funds moving through them in identifiable patterns or clusters of transactions.

ZachXBT found that after Railgun, the funds were consolidated into specific addresses, and moved to three exchanges: Huobi, Binance and OKX, likely in an attempt to convert the assets into fiat money.

At least one centralized exchange has frozen a portion of these assets. Binance CEO Changpeng Zhao said his team was able to seize 124 bitcoin ($2.6 million). The details of how much was transferred to each exchange and how much the hackers were able to successfully launder through them remain unclear, ZachXBT noted.


© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.