Crypto tracker tracks funds stolen from Harmony Bridge in June

Crypto tracking platform MistTrack traced the funds taken in the Harmony Bridge hack and made public 350 addresses associated with the attack. The North Korean state-sponsored Lazarus Group is believed to be behind the hack. According to a Twitter thread posted on January 23, the funds were transferred through various exchanges in an effort to evade trackers.

Funds in a number of tokens worth around $100 million were stolen from the Harmony Bridge on June 23, 2022, then quickly traded for Bitcoin (BTC), according to MistTrack, and returned to the wallet they were originally transferred to. The bridge facilitates transfers between Harmony and the Ethereum network, Binance Chain and Bitcoin. Harmony offered $1 million for the return of the funds, but the offer was not accepted.

Instead, the hackers, who were later identified as the North Korean group Lazarus, moved 85,700 Ether (ETH) through the Tornado Cash mixer and deposited it at multiple addresses, where it remained until January 13, when it was transferred to Railgun, a privacy system on Ethereum that allows for anonymization. From there the funds were forwarded to the identified addresses.

Other funds were transferred to the Avalanche (AVAX) blockchain, where they were exchanged for Tether (USDT) or Tron’s USDD token and optionally deposited into addresses on the Ethereum and Tron networks.

Some progress has been made in recovering stolen funds. Binance CEO Changpeng Zhao (CZ) announced via Twitter on January 15 that 121 BTC had been recovered from the Huobi exchange after Binance detected their presence there.

Harmony proposed to create new native ONE tokens to reimburse some of the 65,000 wallets that had suffered losses due to the hack, but this idea proved unpopular, and instead it announced a plan in September to repay the losses from its cash. In November, Harmony said it was adding seven coins from the compromised bridge that were unaffected by the hack to its new LayerZero bridge, allowing holders of the coins to remove them from the network.

Additional reporting by Tom Blackstone.