Infamous North Korean hacker group identified as suspect for $100M Harmony attack

Published at: June 30, 2022

The Lazarus Group, a well-known North Korean hacking syndicate, has been identified as the primary suspect in the recent attack that saw $100 million stolen from the Harmony protocol. 

According to a new report published Thursday by blockchain analysis firm Elliptic, the manner in which Harmony’s Horizon bridge was hacked and the way in which the stolen digital assets were subsequently laundered bear a striking resemblance to other Lazarus Group attacks.

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds.”

Additionally, Elliptic outlined exactly how the heist was executed, noting that the Lazarus Group targeted the login credentials of Harmony employees in the Asia Pacific region to breach the protocol’s security system. After gaining control of the protocol, the hackers deployed automated laundering programs that moved the stolen assets late at night.

Elliptic also noted that the hackers have already transferred over 40% of the $100 million to Tornado Mixer, an Ethereum-based “mixing service” that obscures transaction data and makes it extremely difficult for investigators to trace the movement of funds.

Initially, the Harmony team offered up a $1 million bounty as an incentive for the hackers to return the funds. However, on June 29, Harmony upped the bounty to $10 million and claimed that a full return of funds would end the investigation and no further criminal charges would be pursued.

The $600 million Ronin bridge hack, which occurred in April, has also been linked back to the Lazarus Group. Due to current market conditions, the value of the stolen Ether (ETH) has plummeted more than 60% down to $230 million.

A recent report from Coinclub.com indicates that North Korea has deployed 7,000 full-time hackers to raise funds through cyberattacks, ransomware and crypto protocol hacks. North Korea is the world leader in cryptocurrency-related crime, with over 15 documented instances of cyber theft amounting to roughly $1.59 billion in stolen funds.

Harmony’s Horizon bridge is the latest addition to a growing list of token bridges that have been attacked, including Meter, Wormhole and Ronin, bringing the total amount of token bridge-related theft to a little over $1 billion in 2022 alone.

The largest token bridge to be hacked was Poly Network in 2021, which lost $610 million, almost all of which has since been returned.
