North Korea’s Lazarus group identified as hackers behind Horizon Bridge’s $100M hack

  • Research into the Theft patterns shows common tactics used for crypto thefts by the North Korea-based Lazarus Group.
  • Horizon’s Bridge’s parent Harmony protocol puts a final proposal before hackers to return stolen funds and avoid the investigation.

Last week, the Harmony Protocol lost a staggering $100 million in multiple cryptocurrencies stolen from its Horizon bridge which connects Harmony to other blockchain platforms. The latest reports show that North Korea’s infamous and notorious Lazarus Group has been behind the $100-million hack.

London-based Elliptic Enterprises conducted a thorough search after the theft last week. Soon after the theft, the Lazarus Group converted all the stolen cryptos into ETH. Elliptic adds that on June 27, the thief started moving the ETH to the Tornado Cash crypto mixer to make the stolen funds untraceable and launder the proceeds of the crime. So far, the thief has spun 35,000 Ether ($39 million) of the stolen funds via Tornado Cash.

By spinning the funds, the thief is trying to break the transaction trail back to the original theft. This will make it easier for the thief to cash out funds at the exchange. In the report, Elliptic adds:

Our analysis of the hack and the subsequent laundering of the stolen cryptoassets also indicates that it is consistent with activities of the Lazarus Group – a cybercrime group with strong links to North Korea.

The Lazarus Group has perpetrated several large cryptocurrency thefts totaling over $2 billion, and has recently turned its attention to DeFi services such as cross-chain bridges. For example, the group is believed to be behind the $540 million hack of Ronin Bridge.

Elliptic further added that the thief compromised the cryptographic keys of a multi-signature wallet. This is a common technique used by the Lazarus Group in the past.

North Korea is among the top crypto crime locations

As per data from Coincub.com, North Korea is among the top five crypto crime locations in the world. Nearly 7000 North Korean hackers have raised funds for the DPRK government through a series of cyberattacks.

As per Coincub, North Korea has nearly 15 documented instances of crypto crimes. The estimated proceeds for the same would be nearly $1.59 billion on a conservative basis.

However, some market researchers say that the ongoing crypto winter is posing a serious threat to North Korea’s crypto holdings. A 70 percent crash since November 2021 has eroded a sizeable portion of North Korea’s digital stockpile.

As per blockchain analytics firm Chainalysis, older crypto wallets controlled by the North Korean regime, built through stolen funds between 2017 to 2021, have plunged more than half from $170 million to $65 million since the beginning of 2022.

Two unnamed sources from south Korea told Reuters that crypto winter has undermined North Korea’s ability to carry out more thefts. Several reports in the past suggest that Pyongyang has been offering backing to the infamous Lazarus Group.

Harmony issues ultimatum

Earlier today in a series of tweets, Harmony issued an ultimatum to the hackers. It also added that it has started a global manhunt for the criminals working with law enforcement agencies to identify the criminals behind the stolen attacks.

It said: “We are providing one FINAL opportunity for the actor(s) to return stolen assets with anonymity. Our FINAL term is below. Retain $10M and return the remaining stolen amount. In exchange, Harmony will cease its investigation”.

Related: U.S is committing espionage against other countries, North Korea says after BTC mixer Blender was sanctioned for Axie Infinity links

Source