Researchers have linked the Lazarus Group, a notorious North Korean state-backed hacking group, to the theft of $100 million worth of crypto assets from Harmony’s Horizon Bridge.
Last week, American crypto startup Harmony warned of a “malicious attack” on its Horizon Bridge, a gateway bridge that allows users to transfer their crypto assets from one blockchain to another. The attacker stole $100 million worth of cryptocurrency assets, including Ethereum (ETH), Binance Coin, Tether, USD Coin and Dai.
London-based blockchain analysis provider Elliptic, which published an analysis of the attack, writes that after the hack the attackers converted the stolen assets into 85,837 ETH and began moving them through Tornado Cash, a mixer commonly used to launder illegally obtained cryptocurrency. So far, the attacker has sent 35,000 ETH worth $39 million, or about 41% of the total stolen funds, to Tornado Cash.
Chainalysis, another blockchain security firm that is working with Harmony to investigate the hack, supported Elliptic's conclusions.
Elliptic linked the attack to the Lazarus Group, saying that “the hack and subsequent laundering of stolen crypto assets” is consistent with the actions of North Korean hackers. It notes that while no single factor proves Lazarus’ involvement in the Horizon Bridge attack, the group “committed several major thefts of cryptocurrencies totaling over $2 billion and has recently turned its attention to DeFi [decentralized finance] services such as cross bridges.”
In April, the US Department of the Treasury linked a North Korean-backed hacking group to the theft of $625 million in cryptocurrency from the Ronin Network, an Ethereum-based sidechain made for the popular “play to earn” game Axie Infinity.
Elliptic notes that the attack was carried out by compromising the cryptographic keys of a multisig wallet, a technique commonly used by the Lazarus Group, adding that the programmatic money laundering it observed after the Horizon Bridge hack was “very similar” to what was seen after attacks on the Ronin Bridge.
“Lazarus Group tends to focus on targets in the Asia-Pacific region, perhaps for language reasons,” Elliptic added. “While Harmony is based in the US, many of the core team have ties to the APAC region.”
In a series of tweets on Thursday, Harmony said it had launched a “global manhunt” for the perpetrators responsible for the $100 million theft. “All exchanges have been notified. Law enforcement, Chainalysis and AnChainAI are actively investigating to identify the perpetrators and recover the stolen assets.” “We are providing one LAST opportunity for the actor(s) to recover stolen assets anonymously.”
The company also issued the attacker a final ultimatum, promising to drop the investigation if the funds were returned minus a $10 million reward. Harmony is also offering $10 million for information leading to the secure return of the funds.
Credit: techcrunch.com