- The FBI verified prior claims that the hackers had begun transferring a sizable portion of the monies using privacy techniques.
- The FBI claimed that the U.S. and its cyber and virtual assets units.
The Federal Bureau of Investigation (FBI) claims the Lazarus Group and APT38 were responsible for the $100 million Harmony Bridge Hack in June.
Although a cyber gang with ties to North Korea had long been suspected of being responsible for the attack, police hadn’t yet confirmed their involvement.
The FBI today announced the results of its investigation into the theft of more than $100 million from a virtual currency exchange and payment provider, Horizon Bridge. According to the FBI's findings, the Lazarus Group and APT38, cyber actors connected to North Korea, are confirmed to be responsible for the theft.
Security flaws in Harmony’s Horizon Ethereum bridge led to the Harmony Bridge hack in 2022, which gave hackers access to many assets kept in the bridge via 11 transactions. The FBI also noted that earlier this month, the North Korean hackers began transferring about $60 million of the stolen money via the Ethereum-based anonymity protocol RAILGUN.
According to CEO Changpeng Zhao, Binance quickly helped Huobi freeze and reclaim the digital assets the hackers had deposited after it was discovered that the hackers were attempting to launder money through that exchange. The FBI stated:
“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist ... a portion of these funds were frozen, in coordination with some of the virtual asset service providers. The remaining bitcoin subsequently moved to the following addresses.”
The FBI added in its statement that it was working with the U.S. Attorney’s Office, the U.S. Justice Department’s crypto section, and other agencies to identify and stop North Korea’s theft and trafficking of virtual currency, which is used to fund the country’s ballistic missile and Weapons of Mass Destruction programs.
The Lazarus Group is a well-known hacking outfit that is thought to have been responsible for several significant crypto industry breaches, including the $600 million Ronin Bridge hack from last March. Due to the breach, the Lazarus Group was added to the Specially Designated Nationals and Blocked Persons (SDN) list in April.
In reaction to the Ronin Bridge incident, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an alert in the same month about state-sponsored cyber threats from North Korea aimed at blockchain companies.