FBI confirms North Korean hacker group Lazarus responsible for $100 million Harmony Bridge attack

North Korea had been under doubt about the theft since the first report of the incident.
FBI identified the hackers following Lazarus' use of RAILGUN, a privacy protocol, to launder $60 million worth of ETH tied to the theft.
On the other hand, Wormhole exploiter from February 2022 also began swapping the stolen ETH, borrowing nearly 14 million DAI.

Aaryamann Shrivastava FXStreet

The crypto market has not been privy to attacks and exploits, as over the last few years, billions have been lost to such crimes. One of the leaders in this space is the Lazarus Group, which has been estimated to have exploited the market multiple times now, including the infamous Harmony Horizon bridge attack.

North Korea continues its crypto crimes

Expected to have a hand in the theft, suspicion surrounding the Lazarus Group was confirmed on Monday after the Federal Bureau of Investigation (FBI) made the announcement.

According to the law enforcement agency, the North Korean hacking group tied to the nation's ruling party, the Democratic People's Republic of Korea (DPRK), along with APT38, was responsible for the June 2022 Harmony Horizon bridge theft.

Per the FBI, earlier this month, on January 13, the hackers were found using RAILGUN, a privacy protocol. Using this protocol, more than $60 million worth of ETH was laundered, which was tied to the $100 million Harmony bridge theft.

This amount was then sent to multiple crypto service providers and converted to BTC. The FBI managed to freeze a portion of these funds. Adding to the announcement, the FBI stated,

"FBI Los Angeles and FBI Charlotte…continue to identify and disrupt North Korea's theft and laundering of virtual currency, which is used to support North Korea's ballistic missile and Weapons of Mass Destruction programs."

Wormhole exploiter emerges from the dark

Another hacker on Tuesday reportedly became active who is suspected to be associated with the February 2022 Wormhole exploit. The $256 million worth of ETH stolen from the cross-chain protocol could be seen being shuffled around.

Twitter user Spreek identified the apparent conversion of the stolen Ethereum to wstETH, Lido's liquid-staked ETH, which was then used to borrow stablecoin DAI. According to the Etherscan data, the exploiter took out loans of nearly 14.1 million DAI after swapping $156 million ETH into wstETH.

Following the swaps, the exploiter received another offer from Wormhole, offering $10 million as a bounty reward in exchange for returning all of the stolen funds. No response from the exploiter was noted at the time of this report.

Author

Aaryamann Shrivastava

FXStreet

Aaryamann Shrivastava is a Cryptocurrency journalist and market analyst with over 1,000 articles under his name. Graduated with an Honours in Journalism, he has been part of the crypto industry for more than a year now.

Markets move fast. We move first.

Orange Juice Newsletter brings you expert driven insights - not headlines. Every day on your inbox.

Editor's Picks

Crypto market outlook for 2026

Year 2025 was volatile, as crypto often is. Among positive catalysts were favourable regulatory changes in the U.S., rise of Digital Asset Treasuries (DAT), adoption of AI and tokenization of Real-World-Assets (RWA).

Meme Coins Price Prediction: Dogecoin, Shiba Inu, Pepe recover, echoing Bitcoin rebound

Dogecoin, Shiba Inu, and Pepe are trading mixed as Bitcoin records minor gains on Monday, warming sentiment across the broader cryptocurrency market. Still, the incipient recovery in Dogecoin, Shiba Inu, and Pepe remains fragile amid the prevailing downtrend.