The notorious North Korean hacker group, the Lazarus Group, has been busy this weekend moving the $64 million worth of ethereum (ETH) it looted in the Harmony Bridge hack. On January 16, researcher ZachXBT published new details about the movement of large amounts of ethereum linked to the hack. The assets initially came from the Tornado Cash coin mixer and then passed through Railgun.
What is Railgun?
Railgun, like Tornado Cash, is an application for obscuring the trail of funds, making it more difficult to attribute them to specific people or groups. In this way, the Lazarus Group hopes to effectively launder the stolen funds and possibly sell them on a centralized exchange platform.
More specifically, Railgun is a smart contract privacy platform that uses so-called zero-knowledge proofs to obscure transaction data. In the end, around 41,000 ethereum (worth $63.5 million) was sent through it.
1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges.
— ZachXBT (@zachxbt) January 15, 2023
After passing the funds through Railgun, the hackers sent them to three different exchanges. According to ZachXBT, the funds eventually passed through 350 different addresses. Nevertheless, he managed to keep track of them and to note that they have now arrived at the exchanges.
The Harmony hack
The exchanges that the Lazarus Group used are not known, but ZachXBT indicated that the funds generally do not stay there for long. Over the years, Lazarus has become quite practiced at quickly sending stolen funds back and forth. The North Korean hackers managed to hack the Harmony Bridge in June 2022 for about $100 million.
In the end, the group mainly used the now-banned Tornado Cash to launder the funds. This was revealed by Elliptic in a detailed investigation that it published following the hack. In total, the North Korean hacker group is said to have stolen more than $2 billion in digital assets.