North Korean state-sponsored hackers were believed to be the possible perpetrators of a hack that resulted in the theft of around $100 million in cryptocurrency, according to analysis by blockchain researchers.
If verified, last week’s attack would be the eighth in 2022 – involving stolen funds worth $1 billion – that could be attributed with certainty to North Korea.
The hackers targeted Horizon, a blockchain bridge developed by US crypto start-up Harmony. A cross-chain bridge to Ethereum, it is used by crypto traders to switch tokens between different networks.
There are “strong indications” that Lazarus Group, a hacking collective with strong ties to Pyongyang, orchestrated the attack, said blockchain analytics firm Elliptic in a blog post Wednesday.
Most of the funds were quickly converted to the cryptocurrency ether. Hackers have begun laundering the stolen assets via Tornado Cash, a “mixing” service that can obscure the trail of funds. Around $39 million worth of ether has been sent to Tornado Cash so far.
Elliptic states it used “de-mixing” tools to trace the stolen cryptocurrency sent via Tornado Cash to several new ether wallets. Another blockchain security firm that’s working with Harmony to investigate the hack, Chainalysis, backed up the findings.
The companies said that the way the attack was performed and the ensuing laundering of funds were highly similar to previous crypto thefts believed to have been executed by Lazarus, including:
- Targeting of a “cross-chain” bridge — Lazarus was also accused of hacking another such service called Ronin
- Compromising passwords to a “multisig” wallet that requires only a couple of signatures to initiate transactions
- “Programmatic” transfers of funds in increments every few minutes
- The movement of funds stops during Asia-Pacific nighttime hours
Harmony said it is working on various options to reimburse users as it investigates the theft, but emphasized that “additional time is needed”. The company also initially offered the attackers a bounty worth $1 million, and has now raised that to $10 million, for the return of the stolen crypto and information on the hack.
North Korea is frequently accused of deploying cyberattacks and exploiting cryptocurrency to get around Western sanctions. Earlier this year, the US Treasury Department claimed Lazarus was linked to a $600 million (€552 million) heist on Ronin Network, a “sidechain” for popular crypto game Axie Infinity.
North Korea has denied involvement in state-sponsored cyberattacks in the past, including a data breach targeting Sony Pictures in 2014.