- $35M from the DMM Bitcoin hack was laundered through Huione, raising suspicions about the Lazarus Group’s involvement.
- Hackers used mixers, bridges, and USDT swaps to launder stolen Bitcoin, ending on the Tron network.
- Huione emerged as a key hub for illicit funds, with alleged ties to the Cambodian government.
In July 2024, over $35 million from the $305 million DMM Bitcoin hack was laundered through Huione Guarantee, an online marketplace. A detailed investigation by ZachXBT suggests that the Lazarus Group, a notorious cybercriminal organization, may be behind this hack due to the similarities in laundering techniques and off-chain indicators. The detailed process used by the hackers reveals a sophisticated method to obscure and transfer stolen funds, eventually consolidating them on exchanges.
Hackers first deposited the stolen Bitcoin into a mixer. This mixer broke the link between the source and destination of the Bitcoin, making it difficult to trace. Afterward, they bridged the laundered Bitcoin to Ethereum or Avalanche using services like THORChain, Threshold, or Avalanche bridge. This step converted Bitcoin into corresponding tokens on the Ethereum or Avalanche blockchain.
Next, the funds were swapped for USDT (Tether) on Ethereum or Avalanche. Then, the hackers bridged these USDT tokens to the Tron blockchain using SWFT. Once on the Tron network, the laundered funds were consolidated to simplify the process. Finally, the consolidated funds were transferred to exchanges, particularly Huione.
Over the weekend, Tether blacklisted a wallet on the Tron network, TNVaKWQzau7xL9bcnvLmF9KSEQkWEs4Ug8, which contained 29.6 million USDT. This wallet received approximately $14 million from the DMM Bitcoin hack over three days.
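For analysts monitoring the consolidation step described above, the following added example (not code from ZachXBT's investigation or from this article) flags Tron USDT addresses that receive funds from several distinct senders within one time window and records any onward transfer to a labelled exchange deposit. The transfer records, address names, label set and thresholds are constructed assumptions; the 72-hour default mirrors the "three days" mentioned above.

```python
from collections import defaultdict

# Constructed sample transfers (src, dst, chain, asset, usd, hour); all names are made up.
TRANSFERS = [
    ("bridge_out_1", "T_hop_a", "tron", "USDT", 2_000_000, 1),
    ("bridge_out_2", "T_hop_b", "tron", "USDT", 3_500_000, 5),
    ("bridge_out_3", "T_hop_c", "tron", "USDT", 4_000_000, 20),
    ("T_hop_a", "T_collect", "tron", "USDT", 2_000_000, 22),
    ("T_hop_b", "T_collect", "tron", "USDT", 3_500_000, 30),
    ("T_hop_c", "T_collect", "tron", "USDT", 4_000_000, 48),
    ("T_collect", "T_exchange_dep", "tron", "USDT", 9_000_000, 60),
    ("T_user_1", "T_shop", "tron", "USDT", 120, 10),   # benign retail noise
    ("T_user_2", "T_shop", "tron", "USDT", 80, 400),
]
# Hypothetical label set, as would come from an address-attribution feed.
EXCHANGE_DEPOSITS = {"T_exchange_dep"}


def find_consolidators(transfers, exchange_deposits,
                       min_sources=3, min_usd=1_000_000, window_h=72):
    """Flag Tron USDT addresses with multi-source fan-in inside one time window."""
    inbound, outbound = defaultdict(list), defaultdict(list)
    for src, dst, chain, asset, usd, hour in transfers:
        if chain == "tron" and asset == "USDT":
            inbound[dst].append((hour, src, usd))
            outbound[src].append((hour, dst))
    findings = []
    for addr, events in inbound.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            # Slide the window start across each inbound transfer.
            window = [e for e in events[i:] if e[0] - start <= window_h]
            sources = {src for _, src, _ in window}
            total = sum(usd for _, _, usd in window)
            if len(sources) >= min_sources and total >= min_usd:
                # Later hops into labelled exchange deposits; empty if funds are parked.
                cashout = sorted({d for h, d in outbound[addr]
                                  if h >= start and d in exchange_deposits})
                findings.append({"address": addr, "sources": len(sources),
                                 "usd_in": total, "cashout": cashout})
                break
    return findings


if __name__ == "__main__":
    for f in find_consolidators(TRANSFERS, EXCHANGE_DEPOSITS):
        print(f)
```

An empty `cashout` list still deserves review: a consolidation wallet can hold funds for some time, as the blacklisted wallet above did.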
Huione has emerged as a significant hub for illicit funds, especially in Southeast Asia. Various criminal organizations, including pig butchering gangs, use this marketplace. According to a report by blockchain analytics firm Elliptic, Huione merchants have conducted over $11 billion in crypto fraud. The report also suggests possible ties between the Huione Group and the Cambodian government, which raises further concerns about the platform’s use for illicit activities.
The investigation points towards the involvement of the Lazarus Group. This group is known for previous high-profile cybercrimes. The laundering techniques and off-chain indicators closely resemble their past operations. The visual representations of the laundering process show the detailed flow of funds from mixers to exchanges.