The roughly $100 million attack on Harmony Protocol last June was carried out by the North Korean hacking group Lazarus Group, the FBI stated on January 23. The announcement followed activity on January 13, six months after the theft, when the attackers moved more than $60 million of the stolen ETH through the privacy protocol RAILGUN in an attempt to launder it. The FBI tracked that movement and named both Lazarus Group and APT38, another North Korean cyber unit, as responsible for the heist.
When the attackers then tried to swap the laundered ETH for Bitcoin, several exchanges froze part of the funds in coordination with the FBI. The portion that could not be recovered was moved on to 11 Bitcoin addresses, which the FBI published so that exchanges and analytics firms can flag any further transfers.
Lazarus proving to be a thorn
According to the release, the FBI and its partner agencies will continue to identify and disrupt North Korea's theft and laundering of virtual currency, which is used to fund the country's ballistic missile and weapons of mass destruction programs. Blockchain analysts had already linked the June Harmony attack to Lazarus Group, combining on-chain investigation with parallels to earlier hacks carried out by the group. Lazarus Group has long been a concern for the U.S. government, but until now the government had not formally attributed the Harmony breach to it.
The target of the breach was Harmony's Horizon bridge, the cross-chain bridge linking Harmony, a layer-1 blockchain, to Ethereum, Bitcoin, and Binance Chain. Bridges hold large pools of assets on each connected chain, which makes them attractive targets, and the tactic is reminiscent of other attacks attributed to Lazarus Group, such as the $622 million breach in March 2022 of the Ronin Network, an Ethereum sidechain used by the play-to-earn game Axie Infinity.
Caution alert: Lazarus is not only hacking
Cyber units linked to North Korea do more than break into systems. According to a study published in late December, Lazarus Group also runs social-engineering campaigns in which it poses as banks, prospective employers, and venture investors. In response to these crypto-focused attacks, the U.S. government has targeted coin-mixing services, which let users obscure the otherwise transparent on-chain trail of cryptocurrency transactions.
In August, the Treasury Department sanctioned the Ethereum coin mixer Tornado Cash along with multiple wallet addresses linked to it, citing Lazarus Group's use of the service to launder proceeds from earlier attacks. Within the cryptocurrency industry the action was roundly criticized as an unlawful overreach that needlessly endangered user privacy, and the sanctions are being contested in an ongoing lawsuit led by the cryptocurrency policy NGO Coin Center.