24 January 2023

FBI confirms North Korean hackers behind $100M Harmony hack


FBI confirms North Korean hackers behind $100M Harmony hack

The US Federal Bureau of Investigation (FBI) has concluded that North Korea-linked state-sponsored hacker groups known as the Lazarus Group and APT38 are perpetrators behind the $100 million Harmony Bridge hack that took place in June 2022.

The hack targeted a cross-chain bridge connecting Harmony, a Layer 1 blockchain, to Ethereum, Bitcoin, and Binance Chain. This tactic is similar to previous attacks linked to Lazarus Group, including a massive $622 million heist last April of Ronin Network, an Ethereum sidechain used by play-to-earn crypto game Axie Infinity. That same month the US authorities announced sanctions against Lazarus and tied the group to the Ronin Validator Security Breach.

The agency said that in the Harmony case the attackers used the Railgun privacy protocol to launder over $60 million worth of ethereum (ETH) stolen during the June 2022 heist. A portion of the stolen funds was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC). Unrecovered funds were subsequently sent to 11 Ethereum addresses.

It is estimated that North Korean hackers have stolen $1.2 billion worth of cryptocurrency since 2017.

In response to crypto-focused attacks, the US authorities has targeted coin-mixing services: tools that allow users to mix their cryptocurrency coins and thus enable unlinkable payments in a way that prevents tracking of cryptocurrency by both the service provider and the users themselves. In August 2022, the US government imposed sanctions on the popular virtual currency mixer Tornado Cash, for allegedly helping to launder more than $7 billion worth of cryptocurrency since its creation in 2019, including $455 million stolen by the Lazarus Group.

Back to the list

Latest Posts

Cyber security week in review: March 31, 2023

Cyber security week in review: March 31, 2023

The world in brief: Spyware vendors abuse zero-days in iOS and Android, thousands of companies targeted in 3CX supply chain attack, and more.
31 March 2023
Global spyware campaigns take advantage of zero-days in iOS, Android

Global spyware campaigns take advantage of zero-days in iOS, Android

Google discovered two distinct campaigns in November and December 2022.
30 March 2023
Thousands of companies targeted in 3CX supply chain attack

Thousands of companies targeted in 3CX supply chain attack

The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain that ultimately leads to the download of a infostealer DLL.
30 March 2023