The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge.
Last week Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached.
The incident involved the exploiter carrying out multiple transactions on 23rd June that extracted tokens stored in the bridge and stole approximately $100 million in cryptocurrency.
Elliptic, a blockchain analytics company, said in a new report, “the stolen crypto assets included Ether (ETH), Tether (USDT), Wrapped Bitcoin (WBTC) and BNB… The thief immediately used Uniswap – a decentralized exchange (DEX) – to convert much of these assets into a total of 85,837 ETH.”
On 27th June, the culprit is said to have begun moving funds amounting to $39 million through the Tornado Cash mixer service in an attempt to obscure the ill-gotten gains and make it difficult to trace the transaction trail back to the original theft.
The analysts were able to “demix” the transactions and said that it was in a position to further track the stolen funds that had been funnelled through the service to a number of new Ethereum wallets.
The threat actor has a history of carrying out cryptocurrency thefts, shown through the company’s attribution to the Lazarus Group, including those targeting cross-chain bridges earlier this year, and the manner in which the funds were stolen and laundered.
Elliptic said, “the theft was perpetrated by compromising the cryptographic keys of a multi-signature wallet – likely through a social engineering attack on Harmony team members. Such techniques have frequently been used by the Lazarus Group.”
“The relatively short periods during which the stolen funds stop being moved out of Tornado cash are consistent with [Asia-Pacific] night-time hours. Although no single factor proves the involvement of Lazarus, in combination they suggest the group’s involvement.”
Harmony has since notified all cryptocurrency exchanges and involved law enforcement, as well as blockchain forensic firms, to help in the recovery of stolen assets. It has also offered “one final opportunity” for cyber thieves to send back the funds with anonymity and “retain $10 million” by 4th July 2022, at 11pm GMT.
Additionally, it has offered a $10 million reward for any information that leads to the return of plundered virtual currencies.
The Horizon Bridge digital heist also arrives against the backdrop of “crypto winter” that has witnessed a steep decline in cryptocurrency markets, sending prices of Bitcoin down below $20,000 and potentially risking a source of income for North Korea.