TLDR
- Hackers stole $305 million from DMM Bitcoin exchange in May 2024
- Over $35 million of stolen funds have been laundered through Huione Guarantee
- Lazarus Group is suspected to be behind the hack due to similar techniques
- Tether blacklisted a wallet containing $28.2 million of the stolen funds
- Huione Guarantee is linked to Cambodia’s ruling family and has processed $11 billion in potentially illicit funds
Hackers behind the $305 million theft from DMM Bitcoin exchange have begun moving large sums of money. The hack, which occurred in May 2024, targeted the Japan-based exchange and exploited a critical security flaw.
According to blockchain investigator ZachXBT, over $35 million of the stolen funds have been laundered through an online marketplace called Huione Guarantee. This platform operates in Cambodia and has been linked to the country’s ruling Hun family.
The method used by the hackers to move the stolen funds is complex. First, they send the stolen Bitcoin to privacy mixers to hide its origin. Then, they withdraw the mixed Bitcoin and use cross-chain protocols like THORChain to transfer it to other blockchains such as Ethereum or Avalanche. The funds are then converted to USDT, a popular stablecoin, before being moved to the Tron blockchain. Finally, the USDT is transferred to Huione Guarantee.
1/4 So far in July 2024 more than $35M from the $305M DMM Bitcoin hack has been laundered to the online marketplace Huione Guarantee
It is suspected that Lazarus Group is behind the hack due to similarities in laundering techniques and off chain indicators.
— ZachXBT (@zachxbt) July 14, 2024
Blockchain forensics firm Elliptic reports that Huione Guarantee has processed about $11 billion worth of cryptocurrency from various illicit sources.
These include hacks, scams, and other illegal activities. The platform acts as a deposit and escrow service for peer-to-peer transactions on Telegram, mainly using USDT.
The involvement of the Lazarus Group, a hacking organization associated with North Korea, is suspected in this case.
ZachXBT points out similarities in laundering techniques and other off-chain indicators that suggest their involvement. The Lazarus Group has been linked to several high-profile cryptocurrency hacks in the past.
In an effort to stop the flow of stolen funds, Tether, the company behind the USDT stablecoin, has taken action. On July 12, it blacklisted a Tron wallet address containing $28.2 million of the stolen funds.
This wallet had moved about $14 million from the DMM Bitcoin hack over three days.
The original hack on DMM Bitcoin was significant, resulting in a loss of $305 million in Bitcoin. The hackers exploited a vulnerability that allowed them to access DMM Bitcoin’s servers, causing an “unauthorized leak” of Bitcoin on May 30. In response to the theft, DMM Bitcoin raised $320 million about a week later to compensate users for their losses.
This incident is part of a larger trend in the cryptocurrency world. According to blockchain security firm Cyvers, over $1.4 billion worth of cryptocurrencies have been stolen so far in 2024.
Centralized exchanges have become a main target for hackers, with losses increasing 900% over the last 12 months.
The case has drawn attention to Huione Guarantee and its alleged connections to Cambodia’s ruling family. Elliptic claims that the company has ties to Prime Minister Hun Manet. This connection, if true, could make it difficult for authorities to shut down the platform despite its alleged involvement in processing illicit funds.
In response to these findings, law enforcement and blockchain analysts have begun efforts to disrupt Huione’s operations. They are monitoring crypto transactions and identifying wallets associated with the platform.