The cash that were taken in June 2022 are still being laundered by the North Korean exploiters who were behind the assault on the Harmony Bridge. The criminals transferred another $27.18 million worth of Ethereum (ETH) over the weekend, as shown by on-chain data that was published on January 28 by blockchain detective ZachXBT.
ZachXBT said in a Twitter thread that the tokens had been moved to six other cryptocurrency exchanges, but he did not disclose which platforms had been the recipients of the tokens. Transactions were carried out from the three primary addresses.
ZachXBT claims that exchanges were informed about the cash movement, and that some of the stolen assets were blocked as a result. The exploiters' activities to launder the money were strikingly similar to those taken on January 13, when over $60 million was laundered, the crypto detective saw. The exploiters were attempting to launder the money.
A few days after the Federal Bureau of Investigation (FBI) established that the Lazarus Group and APT38 were the perpetrators responsible for the $100 million breach, the cash were shifted shortly afterwards. The Federal Bureau of Investigation (FBI) issued a statement in which it mentioned that "through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million worth of virtual currency from Harmony's Horizon bridge."
Transfers between Harmony and the Ethereum network, the Binance Chain, and Bitcoin may be made easier with the use of the Harmony Bridge. On June 23, a large number of tokens with a combined value of around $100 million were taken from the network.
After the vulnerability was discovered, 85,700 Ether was sent via the Tornado Cash mixer and then deposited to a number of other addresses. On January 13, the cybercriminals began moving stolen cash worth around $60 million using a privacy protocol called RAILGUN that was based on Ethereum. MistTrack, a tool for monitoring cryptocurrencies, conducted an investigation and found that 350 addresses have been linked to the assault. These addresses were used across several exchanges in an effort to conceal their identities.
Lazarus is a well-known cyber group that has been linked to a number of significant breaches in the cryptocurrency sector, including the theft of $600 million from the Ronin Bridge cryptocurrency exchange in March of last year.