Lazarus Group Suspected in $305 Million DMM Bitcoin Hack

The $305 million exploit of the Japanese crypto exchange DMM Bitcoin may have been orchestrated by the notorious Lazarus Group. On-chain investigator ZachXBT has identified similarities in the laundering techniques used, suggesting the involvement of this state-sponsored group.

Following recent transfers of DMM Bitcoin-linked funds to the online marketplace Huione Guarantee, blockchain security company Elliptic Research has implicated the marketplace in facilitating billions in illicit crypto-related crimes. According to ZachXBT, hackers moved over $35 million of the stolen funds to Huione Guarantee in July. These transfers prompted stablecoin issuer Tether to blacklist a Tron-based wallet containing 29.6 million USDT, which received about $14 million from the DMM Bitcoin hack within just three days.

The laundering patterns have been a key factor in linking the Lazarus Group to the DMM Bitcoin hack. The hackers deposited stolen BTC into mixers and then bridged the funds from Bitcoin to Avalanche or Ethereum networks using THORChain, Avalanche Bridge, and Threshold. Once transferred to these smart contract blockchains, the funds were swapped for Tether USDT and bridged to the Tron network via SWFT, eventually moving to Huione. This method, involving chain hopping and mixers, is consistent with Lazarus Group’s known techniques.

ZachXBT stated, “It is suspected that Lazarus Group is behind the hack due to similarities in laundering techniques and off-chain indicators.”

The decision by the hackers to swap BTC for USDT, despite the risk of Tether blacklisting USDT, appears driven by the need to cash out through small OTCs that only accept USDT.

The revelations also highlight Huione Guarantee’s growing role as a haven for bad actors. A recent report by blockchain analytics firm Elliptic Research noted that the platform, part of the Cambodian Huione Group, is frequently used by scam operators in Southeast Asia. Elliptic’s investigations revealed that crypto wallets linked to the platform had a transaction volume of at least $11 billion over the past three years, with 2024 alone seeing over $3 billion USDT in transactions, most connected to illicit activities.

Merchants on the platform offer various services, including money laundering and the development of malicious technology and software, among other scam-enabling activities. Although not all transactions on Huione are fraud-related, Elliptic’s analysis indicates that the majority are tied to illicit activities, with USDT being the preferred cryptocurrency among users.
