North Korea's Lazarus Group suspected of hacking another top tier cryptocurrency project

Investigation into the $100 million crypto heist on California-based Harmony Protocol has revealed a new suspect, North Korea’s Lazarus Group.
$41 million in stolen cryptocurrencies have been stolen via the Tornado cash mixer which mixes user funds to hide cash trails.
Blockchain analytics firm Elliptic uses its demixing capacity to trace the source of funds.
Similarities were drawn between the Harmony heist and the $600 million Ronin Bridge attack, orchestrated by the Lazarus Group.

Blockchain analytics firm Elliptic has found a strong connection between North Korea’s Lazarus Group and the $100 million crypto hack on Harmony’s Horizon Bridge. The firm unmixed transactions on Tornado to trace the $41 million sent to the mixer by hackers and presented findings in their latest blog post.

Horizon Bridge hackers sent $41 million in stolen crypto to Tornado cash mixer

Harmony Protocol’s Horizon Bridge was hacked for $100 million in cryptocurrencies on June 24, 2022. The hacker moved 41% of the stolen assets, worth $100 million, to the Tornado cash mixer. The protocol enhances anonymity in crypto transactions, when assets are added to the mixer, it effectively breaks the on-chain link between source and destination addresses.

The Tornado cash mixer has been used successfully by several hackers in DeFi ecosystem exploits. Layer-1 blockchain Harmony Protocol emerged as the target of one such hack, and further investigation revealed links to North Korea’s Lazarus Group.

Elliptic, a leading blockchain analytics firm used its Tornado demixing capability to trace all of the stolen funds through the mixer onwards to wallets.

Demixed transactions from the Tornado mixer

The analytics firm concluded that there are strong indications that Lazarus Group is responsible for the theft based on the nature of the hack and the laundering of stolen funds. The group is known to have stolen over $2 billion in cryptocurrencies from exchanges and DeFi protocols.

Ethereum (ETH), Tether (USDT), Wrapped Bitcoin (WBTC) and Binance Coin (BNB) were stolen in the Harmony heist. The hackers used Uniswap, a DEX to convert these assets to 85,837 ETH, considered a common laundering technique to avoid seizure of cryptocurrencies.

Analysts have identified similarities between the $100 million Harmony heist and the $600 million attack on the Ronin Bridge. In April 2020, the US Department of Homeland Security had issued an alert against the Lazarus Group and said that the hackers were sponsored by the North Korean government.

Harmony begins global manhunt for criminals behind $100 million hack

Harmony has announced the beginning of a global manhunt for the criminal who stole $100 million from the Horizon Bridge. All exchanges have been notified of the hunt, law enforcement, @Chainalysis and @AnChainAI have ongoing investigations to identify hackers and recover the stolen funds.

Harmony Protocol announced this as the final opportunity for the actor to return stolen assets while maintaining their anonymity.

Harmony has offered a bounty of $10 million to the hacker and asked for the $90 million to be returned. The layer-1 protocol has assured that all investigation will cease if the hacker accepts the terms and returns the stolen assets. Harmony has set a deadline of July 4, 2022, 23:00 GMT for return of the assets.

1/ Harmony has begun a global manhunt for the criminal(s) who stole $100M from the Horizon bridge. All exchanges have been notified. Law enforcement, @Chainalysis, and @AnChainAI have active investigations to identify the responsible actors and recover the stolen assets.
— Harmony (@harmonyprotocol) June 30, 2022

Share: Cryptos feed

Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.

If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.

FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.

The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.

Join Telegram