North Korean state-sponsored hackers were probably the perpetrators of a hack that led to the theft of around 100 million dollars in cryptocurrency, according to analysis by blockchain researchers.
The hackers targeted Horizon, a so-called blockchain bridge developed by the American crypto startup Harmony. The tool is used by crypto traders to exchange tokens between different networks.
There are “strong indications” that Lazarus Group, a hacker collective with strong ties to Pyongyang, orchestrated the attack, blockchain analysis firm Elliptic said in a blog post on Wednesday.
Most of the funds were immediately converted to the cryptocurrency ether, Elliptic said. The company added that hackers have started laundering the stolen assets through Tornado Cash, a so-called “mixing service” that tries to hide the trail of funds. So far, about $39 million in ether has been sent to Tornado Cash.
Elliptic says it used “demixing” tools to track the stolen crypto sent through Tornado Cash to several new ether wallets. Chainalysis, another blockchain security firm working with Harmony to investigate the hack, supported the findings.
According to the companies, the manner in which the attack was carried out and the subsequent money laundering have a number of similarities with previous crypto thefts believed to have been carried out by Lazarus, including:
- Targeting a “cross-chain” bridge – Lazarus was also accused of hacking another such service called Ronin
- Compromising passwords to a “multisig” wallet that only requires a few signatures to initiate transactions
- “Programmatic” transfers of funds in steps every few minutes
- The movement of funds stopping during nighttime hours in the Asia-Pacific
Harmony said it was “working on different options” to provide reimbursement to users while investigating the theft, but stressed that “additional time is needed.” The company also offered a bounty of $1 million for the return of the stolen crypto and information about the hack.
North Korea has often been accused of carrying out cyberattacks and exploiting cryptocurrencies to circumvent Western sanctions. Earlier this year, the US Treasury Department blamed a $600 million robbery on Ronin Network, a so-called “sidechain” for the popular crypto game Axie Infinity, on Lazarus.
North Korea has previously denied involvement in state-sponsored cyberattacks, including a 2014 data breach against Sony Pictures.