Skip to content

North Korean Hackers Suspected Of Perpetrating $100 Million Harmony Attack

North Korean hackers are being pointed at as the brains behind last week’s $100 million crypto attack at an American company, multiple news outlets reported Thursday.

The Lazarus Group, a notorious hacking group with apparent ties to the North Korean government, has been pinpointed as the main suspect in the recent attack on the Harmony protocol, in which $100 million were taken.

According to digital investigation agencies, the North Korean hackers have been implicated in a number of similar thefts in recent years. Some experts claim that the Lazarus Group is one of the world’s most persistent cybercriminals.

U.S. Says Lazarus Has Ties With NoKor Gov’t

The United States government believes that Lazarus was acting on behalf of North Korea’s covert intelligence service.

Elliptic, a blockchain analytics company, disclosed in a report that:

“The theft was achieved by compromising the cryptographic keys of a multi-signature wallet — most likely through a social engineering attack on members of the Harmony team. The Lazarus Group has routinely employed such methods.”

Suggested Reading | Three Arrows Capital In Deep Trouble As Court Orders For Its Liquidation

According to the U.S. Federal Bureau of Investigation, Lazarus is a “state-sponsored hacking organization” behind the $622 million breach of a cross-chain bridge utilized by the play-to-earn game Axie Infinity.

Cross-chain bridges facilitate the transfer of data, cryptocurrencies, and non-fungible tokens from one blockchain network to another. It permits the transfer of data and tokens between otherwise segregated data sets on multiple blockchains.

Elliptic reported that the hacking of Harmony’s Horizon Bridge and the subsequent laundering of stolen digital assets exhibit remarkable similarities to past Lazarus Group activities.

BTC total market cap at $365 billion on the daily chart | Source: TradingView.com

North Korean Hackers Good At Their Game

Lazarus targeted the login credentials of Harmony personnel in the Asia-Pacific area in order to compromise the protocol’s security firewalls, as described by Elliptic.

After taking control, the thieves utilized automated laundering software to transfer the stolen assets at night.

According to Nick Carlsen, a former FBI analyst who now studies North Korean cryptocurrency thefts for the American company TRM Labs, “based on transaction behavior, this appears to be a North Korean breach.”

Suggested Reading – Morgan Creek Said To Be In Bid To Secure $250-M To Counter FTX BlockFi Bailout

Additionally, Elliptic asserted that the North Korean hackers have already transferred more than 40 percent of the $100 million to a Tornado Cash mixer. More than 35,000 ETH worth almost $40 million have been delivered to Tornado Cash as of June 27, with the remainder in progress.

The capacity of North Korean hackers to monetize its seized wealth may have been hampered by the recent decline in the prices of crypto, academics and South Korean authorities said, jeopardizing a vital source of revenue for the sanctions-stricken hermit nation.

Featured image from BushidoToken Threat Intel, chart from TradingView.com