DMM Bitcoin Hackers Move $30 Million in Stolen Bitcoin Amid Global Hunt
DMM Bitcoin hackers, who orchestrated a $305 million heist in May, have reportedly moved 500 Bitcoin, valued at $30.4 million. This significant movement of funds, first identified by PeckShield Alert, has reignited concerns about the hackers’ ongoing efforts to evade detection and launder the stolen assets.
The $305 Million Heist and Subsequent Movements
The DMM Bitcoin hackers, suspected to be part of the notorious Lazarus Group, a North Korean-linked cybercrime organization, initially stole 4,502.9 Bitcoin from the Japanese crypto exchange DMM Bitcoin. At the time of the theft, the stolen Bitcoin was valued at approximately $305 million, but with recent market fluctuations, its value has decreased slightly to around $274 million.
Shortly after the attack, the stolen Bitcoin was divided into smaller batches of 500 BTC and dispersed across various wallets in an attempt to obfuscate the trail. The recent movement of 500 Bitcoin to two separate addresses, each receiving approximately 250 BTC, is the latest in a series of attempts by the DMM Bitcoin hackers to move and potentially liquidate the stolen funds.
Lazarus Group Suspected Behind the Attack
Blockchain investigator ZachXBT, who has been closely following the trail of the DMM Bitcoin hackers, has pointed the finger at the Lazarus Group. This cybercrime syndicate, linked to the Democratic People’s Republic of Korea, is infamous for its involvement in numerous high-profile cryptocurrency heists. ZachXBT cited the techniques used to launder the stolen crypto, as well as several off-chain indicators, as evidence that the Lazarus Group was behind the DMM Bitcoin hack.
“The Lazarus Group has a well-documented history of sophisticated cyber attacks targeting the crypto industry. Their methods, which often involve complex laundering techniques and the use of privacy mixers, match the patterns observed in the DMM Bitcoin case,” ZachXBT explained.
Ongoing Efforts to Track and Recover the Stolen Funds
Since the May 31 attack, global efforts to track and recover the stolen Bitcoin have intensified. DMM Bitcoin, in a swift move to protect its users, raised $320 million shortly after the hack to compensate the victims. However, recovering the stolen funds and bringing the DMM Bitcoin hackers to justice remains a significant hurdle.
In July, ZachXBT revealed that the hackers had moved approximately $35 million worth of Bitcoin to Huione Guarantee, a Cambodia-based exchange. Huione has recently come under scrutiny for allegedly facilitating the laundering of funds from various crypto hacks, pig butchering scams, and other illicit activities.
“Huione Guarantee has been identified as a key player in the laundering of funds from multiple crypto-related crimes. The movement of stolen Bitcoin to this exchange is a concerning development, as it complicates efforts to trace and recover the assets,” noted a crypto security expert who wished to remain anonymous.
The Complex Laundering Process
The DMM Bitcoin hackers have employed a sophisticated strategy to launder the stolen funds, making it difficult for authorities to track their movements. According to reports, the hackers typically move the stolen Bitcoin to privacy mixers before bridging it to other blockchains, such as Ethereum and Avalanche, using cross-chain protocols like THORChain.
Once on these new networks, the funds are converted to stablecoins like Tether, then shifted to the Tron blockchain, and ultimately deposited into accounts at exchanges like Huione. This multi-step process is designed to obfuscate the origin of the funds and make it challenging for investigators to trace the transactions back to the original theft.
Tether’s Role in the Investigation
Tether, a prominent stablecoin issuer, has also played a role in the ongoing investigation. In July, Tether froze a Tron wallet suspected to belong to Huione, which held more than $28 million in USDT believed to be linked to the DMM Bitcoin hackers. This action by Tether is part of a broader effort by the crypto community to clamp down on illicit activities and prevent the further movement of stolen funds.
“Tether’s decision to freeze the suspect wallet demonstrates the industry’s commitment to combating crypto crime. However, the fight against the DMM Bitcoin hackers is far from over, and it will require continued collaboration between exchanges, law enforcement, and blockchain investigators,” commented a spokesperson from Tether.
The Road Ahead
As the DMM Bitcoin hackers continue to move the stolen Bitcoin, the global effort to track and recover these funds intensifies. The Lazarus Group, if confirmed as the culprits, would add yet another high-profile crime to their long list of cyber offenses.
The crypto community remains vigilant, with blockchain investigators, exchanges, and law enforcement agencies working together to bring the perpetrators to justice.
The DMM Bitcoin hack serves as a stark reminder of the risks associated with the crypto space, for exchanges and users alike. As security measures improve and regulatory frameworks evolve, the industry must remain proactive in protecting against such sophisticated attacks.