Hacker groups linked to North Korea have been increasingly using Russian cryptocurrency exchanges to launder funds stolen in crypto heists, a new report from crypto analytics platform Chainalysis said.

The company said that $21.9 million in crypto stolen in the $100 million Harmony Bridge hack that took place in June 2022 was laundered through a Russia-based exchange known for processing illicit transactions. The FBI linked this attack to an infamous North Korean state-sponsored threat actor known as the Lazarus Group.

More recently, Lazarus has been linked to the hack of Hong Kong-based cryptocurrency exchange CoinEx Global was hit by a cyberattack, resulting in an estimated loss of $54 million in cryptocurrencies, and the $41 million Stake hack.

“Not only does this revelation signify a potent alliance between North Korean and Russian cybercriminal actors, but it also presents challenges for global authorities,” the company noted.

“Russia’s notoriously uncooperative stance toward international efforts by law enforcement makes the prospect of recovering stolen funds sent to Russian exchanges particularly grim,” it continued. “While the types of mainstream centralized exchanges North Korean hackers have previously relied upon typically cooperate, Russia’s exchanges and law enforcement agencies have a track record of non-compliance, significantly reducing the chance of asset recovery.”

The value of stolen cryptocurrency associated with North Korea-associated groups currently exceeds $340.4 million this year, compared to over $1.65 billion in stolen funds reported in 2022, researchers said.