- North Korea had been under doubt about the theft since the first report of the incident.
- FBI identified the hackers following Lazarus' use of RAILGUN, a privacy protocol, to launder $60 million worth of ETH tied to the theft.
- On the other hand, Wormhole exploiter from February 2022 also began swapping the stolen ETH, borrowing nearly 14 million DAI.
The crypto market has not been privy to attacks and exploits, as over the last few years, billions have been lost to such crimes. One of the leaders in this space is the Lazarus Group, which has been estimated to have exploited the market multiple times now, including the infamous Harmony Horizon bridge attack.
North Korea continues its crypto crimes
Expected to have a hand in the theft, suspicion surrounding the Lazarus Group was confirmed on Monday after the Federal Bureau of Investigation (FBI) made the announcement.
According to the law enforcement agency, the North Korean hacking group tied to the nation's ruling party, the Democratic People's Republic of Korea (DPRK), along with APT38, was responsible for the June 2022 Harmony Horizon bridge theft.
Per the FBI, earlier this month, on January 13, the hackers were found using RAILGUN, a privacy protocol. Using this protocol, more than $60 million worth of ETH was laundered, which was tied to the $100 million Harmony bridge theft.
This amount was then sent to multiple crypto service providers and converted to BTC. The FBI managed to freeze a portion of these funds. Adding to the announcement, the FBI stated,
"FBI Los Angeles and FBI Charlotte…continue to identify and disrupt North Korea's theft and laundering of virtual currency, which is used to support North Korea's ballistic missile and Weapons of Mass Destruction programs."
Wormhole exploiter emerges from the dark
Another hacker on Tuesday reportedly became active who is suspected to be associated with the February 2022 Wormhole exploit. The $256 million worth of ETH stolen from the cross-chain protocol could be seen being shuffled around.
Twitter user Spreek identified the apparent conversion of the stolen Ethereum to wstETH, Lido's liquid-staked ETH, which was then used to borrow stablecoin DAI. According to the Etherscan data, the exploiter took out loans of nearly 14.1 million DAI after swapping $156 million ETH into wstETH.
Following the swaps, the exploiter received another offer from Wormhole, offering $10 million as a bounty reward in exchange for returning all of the stolen funds. No response from the exploiter was noted at the time of this report.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.
Recommended Content
Editors’ Picks

Ripple risks extending losses despite Ripple-SEC motion to release escrowed $125 million
XRP comes under immense pressure, falling toward $2.09 as Israel and Iran escalate conflict. Ripple and the SEC file a joint motion requesting the release of $125 million held in escrow.

Crypto Today: Bitcoin, Ethereum, XRP clamber for support amid escalating volatility on Israel-Iran tensions
The cryptocurrency market has been hit by a sudden wave of extreme volatility, triggering widespread declines as global markets react to tensions between Israel and Iran.

Sui Price Forecast: Sui eyes triangle fallout below $3 as Open Interest, TVL plunge
Sui (SUI) edges lower by over 5% at press time on Friday, concurrent with the broader crypto market crash due to the escalation of the conflict between Israel and Iran.

Bitcoin eyes a drop toward $100,000 amid cautious sentiment as Middle East tensions escalate
Bitcoin price edges below $105,000 on Friday after falling 4% over the last two days. Market sentiment sours as conflict in the Middle East escalates, with over $1.15 billion in liquidation across crypto markets.

Bitcoin: BTC could slump to $100K amid Trump-Musk tussle
Bitcoin (BTC) tumbled to a low of $101,095 on Friday amid volatility in the market. The effect of the tussle between United States (US) President Donald Trump and Tesla Chief Elon Musk negatively influenced the NASDAQ and Tesla's stock price on Thursday, although both are recovering on Friday.