Binance, Huobi team up to recover $2.5M from Harmony One hackers

Security teams at crypto exchanges Binance and Huobi worked together to freeze and recover 121 Bitcoin (BTC) from hackers behind the Harmony bridge exploit. 

In a tweet, Binance CEO Changpeng Zhao announced that the hackers have tried to launder their funds through the Huobi exchange. After this was detected by Binance, they contacted and assisted Huobi to freeze and recover the digital assets deposited by the hackers.

We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi #SAFU!

— CZ Binance (@cz_binance) January 16, 2023

According to Zhao, the exchanges recovered a total of 121 BTC, which is estimated to be worth around $2.5 million at the time of writing. 

In a recent post, on-chain crypto detective ZachXBT also highlighted prior to Binance and Huobi freezing and detecting the funds, the hackers behind the exploit were moving around 41,000 Ether (ETH), worth around $64 million in the last weekend. 

1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges. pic.twitter.com/huDumaJeSh

— ZachXBT (@zachxbt) January 15, 2023

According to the crypto sleuth, after moving the funds, the hackers consolidated and deposited the digital assets on three different crypto exchanges. However, the on-chain detective did not specify the names of the exchanges used by the exploiters. 

Related: Backlash as Harmony proposes minting 4.97B tokens to reimburse victims

On Jun. 24, the Harmony team detected the exploit, reporting $100 million in funds compromised. The hack highlighted concerns previously brought up by community members around some of the mutisigs securing the Horizon bridge.

On Jun. 30, the Lazarus Group, an infamous North Korean hacking organization was identified as a suspect behind the $100 million Harmony hack. Blockchain analysis firm Elliptic noted that the manner in which the hack was conducted was similar to other Lazarus Group attacks. 

The Horizon bridge hack is one of the largest exploits and hacks in 2022. Analysts believe that the Lazarus Group targeted the employee login credentials to breach Harmony’s security system. The hackers then deployed laundering programs to move the stolen assets.