North Korea's Lazarus Group masterminded $100M Harmony hack: FBI confirms

Published at: Jan. 24, 2023

The Federal Bureau of Investigation (FBI) has confirmed the Lazarus Group and APT38 as the culprits behind the $100 million Harmony Bridge Hack from June 2022.

The North Korea-linked cyber group had long been suspected of being behind the attack but their involvement hadn’t been confirmed by authorities until now.

According to a Jan. 23 statement, the FBI noted that “through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge.”

The Harmony Bridge hack in 2022 was the result of security holes in Harmony’s Horizon Ethereum bridge which allowed the cyber attackers to swipe a number of assets stored in the bridge via 11 transactions.

The FBI also outlined that the North Korean hackers started shifting around $60 million worth of the stolen funds earlier this month via the Ethereum-based privacy protocol RAILGUN. Blockchain sleuth ZachXBT previously highlighted such via Twitter on Jan. 16.

Notably, Binance also detected the hackers were trying to launder the funds through the Huobi crypto exchange, and then promptly assisted it in freezing and recovering the digital assets deposited by the hackers, according to CEO Changpeng Zhao.

“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist,” the FBI stated, adding that “a portion of these funds were frozen, in coordination with some of the virtual asset service providers. The remaining bitcoin subsequently moved to the following addresses.”

In its statement, the FBI said its cyber and virtual assets units, as well as the U.S. Attorney's Office and the U.S. Justice Department's crypto unit, have continued “to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs."

Related: Google Ads-delivered malware drains NFT influencer’s entire crypto wallet

The Lazarus group is a well known hacking syndicate that has reportedly had a hand in a number of key exploits in the crypto industry, and has alleged to have been behind the $600 million Ronin Bridge hack from March last year.

In April 2022, the United States Treasury Department Office of Foreign Assets Control indicated as such, by updating its Specially Designated Nationals and Blocked Persons (SDN) to include the Lazarus Group following the hack.

That same month, the FBI and Cybersecurity and Infrastructure Security Agency also fired off a warning alert concerning North Korean state-sponsored cyber threats that target blockchain companies in response to the Ronin Bridge hack.

Tags
Related Posts
US authorities go after 280 crypto accounts allegedly tied to North Korea
"The Justice Department today filed a civil forfeiture complaint detailing two hacks of virtual currency exchanges by North Korean actors," said an Aug. 27 statement from the U.S. Department of Justice, or DoJ. "These actors stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC) cryptocurrency traders." The hackers allegedly utilized 280 different digital asset accounts. March 2020 saw details of a 2019 legal case surface, in which two Chinese nationals allegedly hijacked piles of crypto assets totaling $250 million. This ordeal appears to be connected with the present day news, the DoJ statement …
Blockchain / Aug. 27, 2020
US charges three North Korean hackers over crypto attacks and WannaCry ransomware
On Wednesday, the United States Department of Justice announced charges against three North Korean hacker. Making the announcement, Assistant Attorney General John Demers condemned the North Korean program, the most famous branch of which is Lazarus Group. Demers said: "North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers." With a country largely sequestered from the international economy, North Korea's hacking program has been a critical source of revenue. Many have linked hacking income from sources like the WannaCry malware and crypto exchange Coincheck with the …
Regulation / Feb. 17, 2021
North Korean Internet Use Spikes 300% as Regime Turns to Cryptocurrencies
North Korea’s internet use saw a 300% surge over the past three years, as the country’s regime has continued to rely on cryptocurrencies for various activities. Exploitation of crypto and blockchain technology is among the primary tactics for the country to generate revenue as well as transfer and use illicitly obtained funds, a new study says. Titled “How North Korea Revolutionized the Internet as a Tool for Rogue Regimes,” the study was released on Feb. 9 by Insikt Group, an intelligence arm of United States-based cybersecurity firm Recorded Future. The report analyzed North Korean senior leadership’s internet activity between Jan. …
Technology / Feb. 11, 2020
DeFi enjoys a prolific start to 2023: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. 2023 started on a bullish note for the entire crypto market, including the DeFi ecosystem, with most of the tokens posting double-digit gains in January and recording multi-month highs. Aside from the bull rally, January also saw a 93% year-on-year decline in losses from DeFi exploits and hacks. The slew of regulatory action against the Mango Markets exploiter is being hailed as a big win for the DeFi sector. The United States Securities and …
Regulation / Feb. 3, 2023
Infamous North Korean hacker group identified as suspect for $100M Harmony attack
The Lazarus Group, a well-known North Korean hacking syndicate, has been identified as the primary suspect in the recent attack that saw $100 million stolen from the Harmony protocol. According to a new report published Thursday by blockchain analysis firm Elliptic, the manner in which Harmony’s Horizon bridge was hacked and the way in which the stolen digital assets were consequently laundered bears a striking resemblance to other Lazarus Group attacks. “There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen …
Blockchain / June 30, 2022