Binance and Huobi Recover Some Funds From 2022 Harmony Hack

Cryptocurrency exchanges Binance and Huobi have recovered some of the funds stolen in last year’s hack of Harmony.

“We detected Harmony One hacker fund movement,” Binance CEO Changpeng Zhao wrote in a Sunday (Jan. 15) tweet.


“They previously tried to launder through Binance and we froze his accounts,” Zhao wrote in the tweet. “This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered.”

On-chain sleuth ZachXBT had tweeted earlier in the day that the North Korean hacking collective Lazarus Group was moving funds from the Harmony hack.

“North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges,” ZachXBT wrote in the tweet.

In the June Harmony hack, $100 million worth of digital assets was taken from Horizon, a bridge that allows crypto holders to make payments between the Harmony blockchain and either Ethereum or Binance Smart Chain.

As PYMNTS reported at the time, that added to a tally of more than $1 billion that had been stolen from bridges at that time in 2022.

About a week later, it was reported that Lazarus Group was likely behind the heist based upon data from Horizon and a finding by forensics company Elliptic Enterprises that the laundering method used had the same hallmarks as those used by the hacking collective.

North Korean hackers swiped close to $400 million in cryptocurrencies during the previous calendar year, 2021, Chainalysis reported in January 2022.

These funds were taken in at least seven cyberattacks that targeted investment firms and centralized exchanges during the year.

The fraudsters made use of phishing lures, code exploits, malware and advanced social engineering to funnel the money from connected “hot” wallets into addresses controlled by the Democratic People’s Republic of Korea (DPRK). The monies were then laundered and cashed out.

The Lazarus Group, which is led by DPRK’s primary intelligence agency, is thought to have engineered most of the attacks in 2021.

Following the recovery of some funds from the Harmony hack, Justin Sun of Huobi tweeted: “We’re proud to announced that thanks to our dedicated team and collaboration with @binance, we were able to detect and prevent a Harmony One hacker from attempting to launder funds through @HuobiGlobal.”