In June, hackers made off with $100 million in crypto assets (opens in new tab) from the Harmony Horizon Bridge. The FBI now says that “cyber actors associated with the DPRK” were behind the theft.
According to the FBI (opens in new tab) (via The Hacker News (opens in new tab)), the Lazarus Group was responsible for the June 24 heist, which forced the company to temporarily halt transactions for at least 24 hours.
Harmony’s Horizon Bridge may sound like an Apex Legends map, but it is actually a fast layer-1 blockchain that acts as a “bridge” for token transfers between Harmony and the Ethereum network, Binance Chain, and Bitcoin. The hackers were able to take advantage of an exploit that allowed them to divert tokens stored from the bridge into their wallets.
The FBI said the Harmony intrusion resulted from an aggressive malware campaign called TraderTraitor (opens in new tab). The FBI, US Treasury Department, and CISA (Cybersecurity and Infrastructure Security Agency) warned that employees from crypto companies are being targeted with sophisticated “social engineering of victims.” Basically, hackers are getting victims to download malicious software through deceptive means.
The statement says, “North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist.” A chunk of the ill-gotten Ethereum was “subsequently sent to several virtual asset service providers and converted to bitcoin.”
The FBI, working with virtual asset service providers, has reportedly frozen a portion of the stolen assets. However, the actual amount is currently unclear how. 11 digital wallets have been publicly flagged so far by the FBI.
“The FBI will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime,” the FBI said.
This isn’t the first major crypto-heist pulled off by the Lazarus Group: The same organization was responsible for the massive $600 million Axie Infinity crypto-heist (opens in new tab) in April last year. An FBI representative told PC Gamer at the time that North Korea is pulling crypto-robberies to sidestep US and UN sanctions to fund its weapons program.