In June, hackers made off with $100 million in crypto assets from the Harmony Horizon Bridge. The FBI now says that “cyber actors associated with the DPRK” were behind the theft.
According to the FBI (via The Hacker News), the Lazarus Group was responsible for the June 24 robbery, which forced the company to temporarily halt transactions for at least 24 hours.
Harmony’s Horizon Bridge may sound like an Apex Legends map, but it’s actually a fast layer-1 blockchain that acts as a “bridge” for token transfers between Harmony and the Ethereum network, Binance Chain, and Bitcoin. The hackers took advantage of an exploit that allowed them to redirect tokens stored in the bridge to their own wallets.
The FBI said the Harmony break-in was the result of an aggressive malware campaign called TraderTraitor. The FBI, US Treasury Department and CISA (Cybersecurity and Infrastructure Security Agency) have warned that employees of crypto companies are being targeted with advanced social engineering. In short, hackers try to trick their victims into downloading malicious software.
The statement says, “North Korean cyber actors used RAILGUN, a privacy protocol, to launder more than $60 million worth of Ethereum (ETH) stolen in the June 2022 heist.” Some of the ill-gotten Ethereum was “subsequently sent to various virtual asset service providers and converted into bitcoin.”
The FBI, working with virtual asset service providers, reportedly froze some of the stolen assets. However, the actual amount is currently unclear. So far, 11 digital wallets have been publicly flagged by the FBI.
“The FBI will continue to expose and combat the DPRK’s use of illegal activities – including cybercrime and theft of virtual currencies – to generate revenue for the regime,” the FBI said.
This is not the first major crypto heist by the Lazarus Group: the same organization was responsible for the massive $600 million Axie Infinity crypto heist in April last year. An FBI representative told PC Gamer at the time that North Korea is conducting crypto heists to evade US and UN sanctions to fund its weapons program.