North Korean hackers Lazarus Group have moved $1.2 million worth of their ill-gotten gains from a coin mixer to a holding wallet, marking their largest transaction in over a month.

Data from the blockchain analysis firm Arkham shows that Lazarus Group’s wallet received 27.371 bitcoin (BTC) in two transactions before sending out 3.34 BTC to a previously used wallet. The coin mixer wasn’t identified.

Generally speaking, a coin mixer, sometimes referred to as a tumbler, is a blockchain-based protocol that can be used to obscure the ownership of cryptocurrencies by mixing them with coins from other users before redistributing them – so no one can tell who got what. Typically, the transparency of blockchains makes it a straightforward exercise to track the crypto’s provenance and transfers.

Lazarus Group is said to have been behind $3 billion worth of cryptocurrency hacks and exploits over the past three years, according to a report by cybersecurity firm Recorded Future.

The U.S. Treasury Department has tied Lazarus Group to a $600 million theft of cryptocurrency from the Axie Infinity-linked Ronin bridge.

According to a report last week from TRM Labs, North Korea-affiliated hackers were involved in a third of all crypto exploits and thefts in 2023, making off with some $600 million in funds.

The Lazarus Group wallet now holds $79 million in wallets tagged by Arkham, including $73 million worth of bitcoin and $3.4 million worth of ether (ETH).

Metamask developer Taylor Monahan said the recent Orbit attack, which resulted in the loss of $81 million, followed patterns similar to previous attacks committed by Lazarus Group.