North Korea’s Lazarus Group linked to $100M Harmony exploit

with insights from Elliptic

Elliptic says the strategies employed for the Harmony exploit are consistent with the ones used for the Ronin Bridge exploit a few months ago.

Notorious North Korean hacker group Lazarus is likely behind the recent exploit of Harmony's Horizon bridge, which led to the loss of $100 million, says Elliptic.

In its report on the hack, the blockchain analytics firm said the strategies employed for the attack are similar to those used for the Ronin Bridge exploit a few months ago.

The hacker stole $100 million worth of assets in different cryptocurrencies such as ETH, WBTC, USDT, and BNB, but immediately converted everything into ETH using Uniswap (UNI). Elliptic explained that this is a common laundering technique that criminals use.

Although the theft happened on June 24, the hacker did not move the funds until June 27. As of press time, the hackers have moved around 41% of the funds, equivalent to roughly 39,000 ETH, through Tornado Cash to make the funds untraceable.

But Elliptic claimed it used transaction screening software to trace the stolen funds passing through Tornado Cash to new wallets.

Why Elliptic is linking the hack to Lazarus Group

According to the blockchain analytics firm, its analysis of the hack and the laundering shows that both are consistent with how the Lazarus Group operates. While there is nothing conclusive to prove this, circumstantial evidence points to it.

Lazarus Group is one of the world’s most successful crypto hacking groups, with over $2 billion in proceeds. In recent years, it has started exploiting cross-chain bridges and was responsible for the Ronin Bridge exploit that cost Axie Infinity around $600 million.

Additionally, the hacker compromised keys to a multi-sig wallet to perpetrate the theft, which is consistent with the methods used by the Lazarus Group.

The firm also pointed out that Harmony fits the profile of Lazarus Group targets. Although US-based, many of Harmony’s core team members have links to the Asia-Pacific region, where Lazarus Group usually focuses.

Furthermore, the consistency of the deposits through Tornado Cash and the period when they happened match the Lazarus Group's laundering of Ronin Bridge funds and APAC nighttime hours.

However, the firm added that it would continue its investigations.

North Korea’s crypto theft links

North Korea has become the boogeyman for crypto projects in recent years. A study by Coincub estimated that the country is leading in crypto crimes globally.

Unlike other countries where crypto crimes are mostly underground, most reports point to crypto theft in North Korea being state-sponsored. A UN report earlier this year claims North Korea is funding its ballistics and weapons programs with stolen crypto.
