(Bloomberg) — Suspected North Korean hackers known as the Lazarus Group are believed to be behind the recent $100 million heist on California blockchain Harmony, a firm that tracks stolen cryptocurrency said Wednesday.
Harmony confirmed that its Horizon Bridge, a seamless layer which allows cryptocurrency to move across different blockchains, had been hacked last week.
The blockchain forensics company Elliptic Enterprises Ltd., which has been tracking Harmony’s stolen cryptocurrency to identify who is moving it around the web, said it believes the Lazarus Group was responsible because the laundering method bears their hallmarks. In April, the US Department of Homeland Security issued an alert saying the group was sponsored by the North Korean government, and that it has targeted crypto firms since 2020.
In this case, the hackers targeted username and password credentials of Harmony workers in Asia Pacific to break into the bridge, Elliptic said. While using automated laundering services, hackers moved the funds during Asia Pacific nighttime hours. All of these are signatures of Lazarus’ attack methods, Elliptic added.
As of Wednesday, the hacker has already sent 41% of the $100 million to a Tornado Cash mixer, according to Elliptic, a reference to the service used to hide the transaction trail.
The hack bore similarities to the recent $600 million Ronin Bridge attack, which was attributed to Lazarus by the US Treasury Department, Elliptic said.
“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds,” Elliptic wrote in a blog published on Wednesday.
“Team members are working to gather wallet data and strategize plans based on the impact the Horizon bridge theft has caused on users,” Horizon said on Twitter.
While remarkable for the sheer amount of stolen cryptocurrency, the Horizon attack highlighted a vulnerability in so-called cryptocurrency bridges, which have been seen as a solution to clunky inoperability of some blockchains and virtual currencies.
However, recent hacks suggest bridges are more exposed to breaches as the technology running them is complex, making them a prime target for hackers.
The North Korean government has consistently denied any role in cyber-enabled theft.
(Updates with Horizon Twitter post in eighth paragraph.)
©2022 Bloomberg L.P.