According to research firm Elliptic, Lazarus Group is behind the Harmony Protocol Horizon Bridge hack.

Lazarus Group, a North Korean cybercriminal group, may be behind the Harmony Protocol Horizon bridge hack, according to a recent investigation.

According to research firm Elliptic, Lazarus Group is behind the Harmony Protocol Horizon bridge hack that led to the theft of $100 million in cryptocurrencies.

The accusation is based on tracing the stolen cryptocurrencies to identify who is moving them through the Web. Because the laundering method bears the group's characteristics, Lazarus Group is the main suspect in the hack:

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and subsequent laundering of the stolen funds.”

Harmony Protocol: A $100 Million Hack

On June 23, Harmony Protocol announced that it had suffered a $100 million hack in various crypto assets through a Horizon bridge exploit.

As reported by BeInCrypto, the stolen cryptocurrencies were sent to the hacker’s Ethereum address. With this, Horizon became the third major bridge to suffer an exploit so far this year.

Subsequently, on June 27, the hacker began moving ETH to Tornado Cash. So far, just over 35,000 ETH ($39 million) of the stolen funds have been sent to the popular cryptocurrency mixer.

Amidst the uncertainty caused by the hack, on June 28 the Harmony Protocol team reached out to the crypto community on Twitter to provide some reassurance:

“Our community and ecosystem are everything, and we want to show our support and appreciation for all of you.

Harmony’s content and communications teams will be significantly ramping up joint marketing efforts in the coming weeks, showcasing the great teams and apps in our ecosystem.”

Lazarus Group Becomes Prime Suspect

Over the years, North Korea’s Lazarus Group has been tied to major crypto heists totaling more than $2 billion. The most famous and recent was the nearly $600 million hack of Axie Infinity’s Ronin Bridge.

In that case, the United States Department of the Treasury sanctioned the address that received the stolen funds.

Elliptic notes that the Horizon bridge hack was the product of a social engineering attack on members of the Harmony team, noting that “these techniques have been used frequently by the Lazarus Group.” Furthermore, the research team adds that, “Lazarus Group tends to focus on APAC [Asia-Pacific Region] based targets, perhaps for language reasons. Although Harmony is based in the US, much of the core team has ties to the APAC region.”

At the same time, Elliptic emphasizes the relationship between timing and movement of funds:

“The relatively short periods during which stolen funds stop being pulled out of Tornado Cash are consistent with APAC overnight hours.”

Despite the Lazarus Group’s prominence in cyberattacks, the recent market crash has seen the value of stolen cryptocurrencies held by North Korea drop by more than 60%, as reported by BeInCrypto.

By Audy Castaneda
