Skip to content

Binance and Huobi team up to recover $2.5 million from Lazarus’ Harmony One hack

  • by
  • 2 min read
Photo by Morrowind/

Photo by Morrowind/

North Korea’s infamous Lazarus hacking group was caught moving part of its stolen funds from the $100 million Harmony One hack in June over the weekend. The addresses connected to the hack attempted to move the stolen funds over to crypto exchange Huobi, which in partnership with Binance, blocked the transfers and froze the accounts, recovering over 124 Bitcoin in the process. 

Blockchain detective ZachXBT also posted activity related to the hack on Twitter. According to his post, Lazarus moved roughly $63.5 million or around 41,000 ETH from the Harmony One hack through Railgun before consolidating funds and depositing them in three separate crypto exchanges. 

While ZachXBT did not post the names of the three exchanges, they did provide a list of over 350 addresses linked with the move on Twitter. Following this revelation, Binance CEO Changpeng Zhao tweeted about Binance and Huobi recovering the 124 BTC in partnership. 

The Horizon One bridge hack was one of the biggest crypto hacks in 2022. Lazarus was identified as a suspect in the hack after the hackers tried to move over 98% of the stolen funds into the Tornado Cash mixer. The method used to carry out the hack was eerily similar to other hacks conducted by Lazarus, as highlighted by blockchain analysis firm Elliptic in its report published in June 2022. 

The group also carried out the Ronin Bridge hack, which has been the biggest DeFi hack in the history of the protocol so far. Outside of targeting crypto exchanges and bridges, the group has been known to attack critical infrastructure like energy companies and create new ransomware strains

In the News: CIA’s leaked malware gives rise to novel xdr33 backdoor

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: