The infamous North Korean cybercrime gang Lazarus has allegedly been connected to the $100 million crypto hack that hit Harmony's Horizon Bridge last week.
“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds,” said blockchain analytics company Elliptic. “Lazarus is believed to have stolen over $2 billion in crypto assets from exchanges and DeFi services.”
As confirmed by blockchain platform Harmony, the threat actors in the Horizon Bridge attack carried out several transactions last week to steal bridge-stored tokens worth more than $100 million. The stolen funds included several altcoins like Ethereum (ETH), BNB, Wrapped Bitcoin (WBTC), and Tether (USDT).
After taking the crypto assets, the cybercriminals converted most of them into 85,837 ETH through the decentralized exchange (DEX) platform Uniswap.
On Monday, threat actors attempted to obfuscate a portion of the stolen assets (around $39 million) through the Tornado Cash tumbler service. However, Elliptic managed to de-obfuscate these transactions and traced them to new Ethereum wallets.
While there's no direct evidence to incriminate the group, Elliptic believes, based on the methods used, that Lazarus Group carried out the attack.
“The theft was perpetrated by compromising the cryptographic keys of a multi-signature wallet – likely through a social engineering attack on Harmony team members,” said Elliptic. “Such techniques have frequently been used by the Lazarus Group.”
After disclosing the attack, Harmony notified other cryptocurrency exchanges and requested assistance from law enforcement agencies and blockchain analytics companies to retrieve the stolen funds. The company also offered a $1 million bounty for the return of stolen assets and shared details about the exploit used by the threat actors.