Hackers behind the $305 million May hack against the DMM Bitcoin exchange have reportedly laundered over $35 million of the stolen funds. The laundering activities have been linked to an online marketplace in Cambodia, known as Huione Guarantee, according to blockchain investigator ZachXBT.
Massive Laundering Operation Uncovered
According to Odaily, ZachXBT reported on X that as of July 2024, over $35 million of the $305 million lost in the DMM Bitcoin hack has been laundered through Huione Guarantee. This marketplace operates in Cambodia and has connections to the nation’s “ruling Hun family,” as stated by blockchain forensics firm Elliptic in a July 10 post.
The ongoing investigation has revealed that Huione Guarantee has processed a staggering $11 billion worth of cryptocurrency transactions, including those from hacks, pig butchering scams, and other illicit exploits. The revelation highlights the sophisticated nature of the laundering operations and the vast sums involved.
“It is suspected that Lazarus Group is behind the DMM Bitcoin hack due to similarities in laundering techniques and off-chain indicators,” said ZachXBT. The notorious North Korean hacking group has been linked to several high-profile cyber attacks in recent years, utilizing advanced methods to obfuscate the origins of stolen funds.
The Laundering Process
The hackers have been meticulously moving the stolen Bitcoin through privacy mixers, which obscure the trail of transactions, making it difficult for investigators to trace the funds. After this step, the Bitcoin is withdrawn and converted to Ethereum or Avalanche using the cross-chain liquidity protocol THORChain.
ZachXBT detailed that the laundered funds are then converted into USDT (Tether) and bridged to the Tron blockchain before being transferred to Huione Guarantee. This complex multi-step process illustrates the hackers’ efforts to evade detection and ensure the stolen assets are fully laundered.
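For investigators and exchange compliance teams, the flow described above (mixer, cross-chain swap, conversion to USDT, bridge to Tron, deposit) can be followed as a forward trace over labelled transfers. The sketch below is an added example, not code from ZachXBT, Elliptic or this article; every address label, amount and hop label in it is constructed, and it assumes attribution data has already tagged each hop with its kind.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real data). One row per observed hop:
# (tx id, source, destination, hop kind, asset on arrival, chain on arrival, USD value)
TRANSFERS = [
    ("t1", "theft_wallet", "mixer_out_1", "mixer", "BTC", "bitcoin", 1_000_000),
    ("t2", "mixer_out_1", "eth_addr_1", "swap", "ETH", "ethereum", 990_000),
    ("t3", "eth_addr_1", "eth_addr_2", "convert", "USDT", "ethereum", 985_000),
    ("t4", "eth_addr_2", "tron_addr_1", "bridge", "USDT", "tron", 980_000),
    ("t5", "tron_addr_1", "watchlisted_deposit", "transfer", "USDT", "tron", 975_000),
    ("t6", "theft_wallet", "cold_addr", "transfer", "BTC", "bitcoin", 500_000),  # dormant branch
    ("t7", "unrelated", "watchlisted_deposit", "transfer", "USDT", "tron", 40_000),  # not theft funds
]

# Stage order taken from the article's description; the labels themselves are assumptions.
STAGES = ["mixer", "swap", "convert", "bridge", "transfer"]

def trace(transfers, origin, watchlist):
    """Follow every outgoing hop from origin; return paths that end at a watchlisted address."""
    graph = defaultdict(list)
    for row in transfers:
        graph[row[1]].append(row)
    hits, queue = [], deque([(origin, [], [origin])])
    while queue:
        node, hops, seen = queue.popleft()
        for row in graph[node]:
            dst = row[2]
            if dst in seen:  # skip cycles such as funds looping back to an earlier address
                continue
            if dst in watchlist:
                hits.append({"address": dst, "hops": hops + [row]})
            else:
                queue.append((dst, hops + [row], seen + [dst]))
    return hits

def matches_pattern(hops, stages=STAGES):
    """True if the hop kinds contain the stages in order; extra hops in between are allowed."""
    kinds = iter(row[3] for row in hops)
    return all(stage in kinds for stage in stages)

def traced_usd(hits):
    """USD arriving at watchlisted addresses, counting each final transaction once."""
    final = {hit["hops"][-1][0]: hit["hops"][-1][6] for hit in hits}
    return sum(final.values())
```

Only value reachable from the origin address is counted, so the unrelated deposit into the same watchlisted address is excluded from the traced total.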
Tether’s Intervention
In a significant move to disrupt the laundering process, Tether blacklisted a Tron wallet address (TNVaKWQzau7xL9bcnvLmF9KSEQkWEs4Ug8) associated with Huione, which contained $29.6 million. This action blocked approximately $28.2 million from being transferred to Huione Guarantee. The blacklisted wallet had already funnelled about $14 million from the DMM Bitcoin hack over the course of three days.
DMM Bitcoin’s Response and Wider Implications
The DMM Bitcoin hack, which occurred on May 30, resulted in the loss of $305 million in Bitcoin due to a critical vulnerability that allowed hackers to access the exchange’s servers. The Japan-based cryptocurrency exchange raised $320 million shortly after the breach to compensate affected users, showcasing a swift response to mitigate the impact on its customer base.
The incident is part of a broader trend of increasing cyber attacks on centralized exchanges (CEX). According to blockchain security firm Cyvers, over $1.4 billion worth of cryptocurrencies have been stolen so far in 2024, with centralized exchanges becoming a primary target for hackers. The firm reported a 900% increase in losses from such attacks over the past 12 months.
“This quarter has witnessed a significant shift in attack vectors, with centralized exchanges bearing the brunt of major incidents, while decentralized finance (DeFi) protocols show improved resilience,” Cyvers noted. This shift indicates a growing sophistication among hackers targeting centralized platforms, which often hold significant amounts of user funds.
Blockchain experts and cybersecurity firms are closely monitoring the situation, as the scale and complexity of the DMM Bitcoin hack and subsequent laundering activities underscore the urgent need for enhanced security measures within the cryptocurrency industry.
DMM Bitcoin Hack: Ongoing Investigations
Authorities and blockchain investigators like ZachXBT continue to track the movements of the stolen funds. ZachXBT shared 538 wallet addresses connected to the DMM Bitcoin hack, Lazarus Group, and Huione Guarantee, providing crucial data for ongoing investigations.
The collaboration between blockchain forensic firms, exchanges, and regulatory bodies is vital in combating such high-profile cyber crimes. The swift action by Tether to blacklist associated wallet addresses demonstrates the industry’s commitment to disrupting illicit activities and protecting users’ assets.
Conclusion
The DMM Bitcoin hack serves as a stark reminder of the vulnerabilities within the cryptocurrency ecosystem. As hackers continue to develop sophisticated methods to launder stolen funds, the industry must stay vigilant and adapt its security measures accordingly. With over $35 million already laundered in Cambodia through Huione Guarantee, the global crypto community faces a significant challenge in tracking and recovering the remaining stolen assets.
The ongoing efforts by blockchain investigators like ZachXBT and the proactive measures taken by entities such as Tether are crucial steps in the fight against cybercrime. However, the battle is far from over, and continuous collaboration and innovation in security practices will be essential to safeguard the future of the cryptocurrency industry. The BIT Journal continues to monitor and report on these developments, providing in-depth analysis and updates on the evolving landscape of cryptocurrency security.