In a recent social media post, blockchain investigator ZachXBT suggested that the North Korea-backed Lazarus Group orchestrated the $305 million hack of the Japan-based DMM Bitcoin exchange. ZachXBT pointed out the striking similarities in the “laundering techniques and off-chain indicators” used by the Lazarus Group and those observed in the movement of funds by the DMM Bitcoin hackers.
The DMM Bitcoin Hack
Japan-based DMM Bitcoin lost $305 million in Bitcoin after a critical vulnerability was exploited on May 30. The cryptocurrency exchange raised $320 million about a week later to compensate users for the losses.
$35 Million Laundered
ZachXBT reported that the DMM Bitcoin hackers moved approximately $35 million of the stolen funds to the online marketplace Huione Guarantee in July. The investigator noted that hackers typically launder stolen BTC by using a crypto mixer and then bridging it to the Avalanche or Ethereum blockchains using THORChain, Avalanche Bridge, and Threshold. Once on these smart contract blockchains, the funds are swapped for USDT and bridged to the Tron network. From there, the USDT is transferred to Huione. This sophisticated laundering pattern, involving chain hopping and mixers, mirrors the methods used by the notorious Lazarus Group.
Interestingly, the USDT transfers caught the attention of stablecoin issuer Tether, which blacklisted $29.6 million of its USDT tokens in a Tron-based wallet. This wallet, connected to the Huione marketplace, had received about $14 million from the DMM Bitcoin hack within three days, ZachXBT noted.
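The laundering route described above (mixer, bridge to Avalanche or Ethereum, swap to USDT, bridge to Tron, transfer to Huione) can be expressed as an ordered-stage check that a compliance or investigations team runs over an already traced flow of funds. This is an added example, not code from ZachXBT or any tracing product; the hop record fields (`chain`, `kind`, `service`, `dst_chain`, `asset_out`, `to_label`) and both sample traces are constructed assumptions.

```python
# Added example. Hop records and field names are constructed assumptions,
# not the output of any real tracing tool. A full match is a triage signal
# for an analyst, not attribution.
BRIDGES = {"THORChain", "Avalanche Bridge", "Threshold"}  # named in the article
EVM = {"avalanche", "ethereum"}

# Ordered stages of the route; each predicate inspects one hop record.
STAGES = [
    ("mixer", lambda h: h.get("chain") == "bitcoin" and h.get("kind") == "mixer"),
    ("bridge_out", lambda h: h.get("kind") == "bridge"
        and h.get("service") in BRIDGES and h.get("dst_chain") in EVM),
    ("swap_to_usdt", lambda h: h.get("kind") == "swap"
        and h.get("chain") in EVM and h.get("asset_out") == "USDT"),
    ("bridge_to_tron", lambda h: h.get("kind") == "bridge"
        and h.get("dst_chain") == "tron"),
    ("marketplace", lambda h: h.get("chain") == "tron"
        and h.get("kind") == "transfer" and h.get("to_label") == "Huione"),
]

def match_route(hops):
    """Return stage names matched in order; unrelated hops in between are skipped."""
    matched = []
    for hop in hops:
        if len(matched) == len(STAGES):
            break
        name, predicate = STAGES[len(matched)]
        if predicate(hop):
            matched.append(name)
    return matched

def is_full_match(hops):
    return len(match_route(hops)) == len(STAGES)

# Constructed traces, oldest hop first.
SUSPECT = [
    {"chain": "bitcoin", "kind": "mixer"},
    {"chain": "bitcoin", "kind": "transfer"},  # unrelated intermediate hop
    {"chain": "bitcoin", "kind": "bridge", "service": "THORChain", "dst_chain": "ethereum"},
    {"chain": "ethereum", "kind": "swap", "asset_out": "USDT"},
    {"chain": "ethereum", "kind": "bridge", "service": "unnamed", "dst_chain": "tron"},
    {"chain": "tron", "kind": "transfer", "to_label": "Huione"},
]
BENIGN = [  # bridge and swap only: no mixer, never reaches Tron
    {"chain": "bitcoin", "kind": "bridge", "service": "THORChain", "dst_chain": "ethereum"},
    {"chain": "ethereum", "kind": "swap", "asset_out": "USDT"},
]

if __name__ == "__main__":
    print(match_route(SUSPECT), is_full_match(SUSPECT))
    print(match_route(BENIGN), is_full_match(BENIGN))
```

Because the stages must occur in order, a flow that only bridges and swaps, as in `BENIGN`, matches nothing, while unrelated hops between stages do not break a match.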