In the aftermath of the $305 million hack on cryptocurrency exchange DMM Bitcoin, the notorious Lazarus Group has reportedly funneled over $35 million through an online marketplace in Cambodia this month. Cryptocurrency investigator ZachXBT has uncovered that these illicit funds have been laundered through Huione Guarantee, a platform linked to Cambodia’s ruling Hun family, as revealed by blockchain forensics firm Elliptic on July 10.

Intricate Laundering Operations

Elliptic’s findings indicate that Huione Guarantee has handled $11 billion in cryptocurrency transactions stemming from various hacks, pig butchering scams, and other fraudulent activities. ZachXBT suggests that the Lazarus Group is responsible for the DMM Bitcoin hack, citing parallels in laundering techniques and off-chain indicators. The stolen Bitcoin is channeled through privacy mixers, converted to Ethereum or Avalanche via THORChain, and subsequently transformed into USDT before being bridged to Tron and transferred to Huione.

Read more: Remilia Hacker Funnels $4.3M through Tornado Cash

Interventions and Blocks

On July 12, Tether intervened by blacklisting the Tron wallet address “TNVaK…s4Ug8,” which had previously siphoned off $14 million from the DMM Bitcoin hack. This action prevented an additional $28.2 million from being transferred to Huione. ZachXBT also disclosed 538 wallet addresses associated with the Lazarus Group, Huione, and others involved in the DMM Bitcoin hack.

DMM Bitcoin’s Critical Vulnerability

The Japan-based DMM Bitcoin exchange fell victim to a critical vulnerability on May 30, which allowed hackers to gain unauthorized access to its servers and siphon off $305 million in Bitcoin. In response to the massive breach, the exchange raised $320 million a week later to reimburse affected users.

The Escalating Threat Landscape

According to blockchain security firm Cyvers, over $1.4 billion worth of cryptocurrencies have been stolen in 2024 alone. Centralized exchanges have become primary targets for hackers, experiencing a staggering 900% increase in losses over the past year. Cyvers noted a significant shift in attack vectors this quarter, with centralized exchanges bearing the brunt of major incidents while decentralized finance (DeFi) protocols demonstrate improved resilience.