A crypto address linked to the $305 million DMM Bitcoin hack in May has reportedly moved 500 Bitcoin, which have an estimated value of $30.4 million, to new addresses.
According to PeckShield Alert, the suspected address first moved the Bitcoin (BTC) to two addresses, each receiving approximately 250 BTC.
#PeckShieldAlert #DMMBitcoin Hacker-labeled address has moved 500 $BTC (worth ~$30.4M) to 2 new addresses pic.twitter.com/iINogvgwpK
— PeckShieldAlert (@PeckShieldAlert) August 22, 2024
The funds are suspected of being part of the 4,502.9 BTC stolen from the Japanese crypto exchange DMM Bitcoin in May.
The stash was then valued at about $305 million, but it would be worth just north of $274 million at current rates. Soon after the attack, DMM Bitcoin raised $320 million, which it used to compensate victims of the hack.
Blockchain investigator ZachXBT previously blamed notorious hackers, the Lazarus Group, linked to the Democratic People’s Republic of Korea, for the DMM Bitcoin attack.
1/4 So far in July 2024 more than $35M from the $305M DMM Bitcoin hack has been laundered to the online marketplace Huione Guarantee
It is suspected that Lazarus Group is behind the hack due to similarities in laundering techniques and off chain indicators. pic.twitter.com/g1ndlttBll
— ZachXBT (@zachxbt) July 14, 2024
The on-chain analyst said the techniques used to launder the stolen crypto and several other off-chain indicators pointed to the Lazarus group as the culprits.
Soon after the hack, the attackers reportedly divided the stolen Bitcoin into smaller batches of 500 BTC and moved them into new wallets. The funds identified by Peckshield are from one of these wallets and the latest to be moved since the May 31 hack.
In July, ZachXBT claimed that the attackers had moved about $35 million worth of Bitcoin to the Cambodia-based exchange, Huione Guarantee. The exchange was recently accused of facilitating the laundering of funds from crypto hacks, pig butchering scams, and other crypto exploits.
3/4 The laundering path for funds transferred to Huione from the DMM Bitcoin hack can be summarized as:
1) Deposit BTC to mixer from the hack2) Withdraw BTC from mixer3) Bridge funds from Bitcoin to Ethereum or Avalanche via THORChain, Threshold, Avalanche bridge 4) Swap for…
— ZachXBT (@zachxbt) July 14, 2024
As crypto news reported in July, Tether froze a Tron wallet suspected to belong to Huione, with more than $28 million in USDT thought to be the proceeds of crime.
According to the crypto sleuth, the DMM Bitcoin attackers typically move the stolen cryptocurrency to privacy mixers and then bridge it to Ethereum (ETH) and Avalanche (AVAX) using THORChain.
The thieves then change the funds to Tether (USDT), shift them to TRON (TRX), and finally deposit them on Huione.