North Korea-Linked Lazarus Group Frozen: $1.4M Frozen on Binance, Huobi

• Binance and Huobi froze accounts connected to a $100 million Harmony Horizon bridge attack by the Lazarus Group.
• Elliptic, a blockchain analytics company, relayed the information to Binance and Huobi, who froze the accounts containing over $1.4 million in cryptocurrency.
• The funds were routed through Ethereum-based privacy protocol Railgun before being sent to three exchanges.

Lazarus Group’s $100 Million Attack

The Lazarus Group is an infamous hacking group suspected of significant cryptocurrency industry vulnerabilities. In June 2022, it was behind a major attack on Harmony Horizon Bridge that resulted in the theft of over $100 million worth of cryptocurrency.

Freezing Accounts

Binance and Huobi have frozen accounts related to this attack in order to prevent any further losses or thefts. The stolen funds amounting to over $1.4 million were traced back to accounts linked with the Lazarus Group operating out of North Korea. This action was taken after blockchain analytics company Elliptic relayed the information to both exchanges.

Tornado Cash & Railgun Protocols

It has been observed that since the Harmony exploits, Lazarus Group has used Tornado Cash – a privacy mixer now approved by US OFAC – for breaking transaction trails connecting specific transactions with their original heist source. Additionally, ZachXBT reported that these funds were routed through Ethereum-based privacy protocol Railgun before being transferred into three different exchanges.

FBI Involvement

The FBI also confirmed that North Korea’s cyber actors – ‘Lazarus Group’ and ‘APT38’ are responsible for this virtual currency theft from Harmony’s Horizon bridge after conducting their own investigation into the matter.


In conclusion, swift action taken by Binance and Huobi along with Elliptic’s intelligence has enabled them to freeze any malicious activities associated with this attack while preventing further losses or thefts from taking place in the future due to these linked accounts belonging to Lazarus Group operating out of North Korea