North Korean Lazarus Group definitely behind Horizon bridge crypto theft, FBI confirms

Last year, threat actors possibly connected to the authoritarian Democratic People’s Republic of Korea were thought to have stolen US$100 million in cryptocurrency from Harmony’s Horizon bridge.

David Hollingworth
Fri, 27 Jan 2023
This week, the US Federal Bureau of Investigation (FBI) confirmed that the Lazarus Group was, in fact, the perpetrator.

Two FBI offices, working with a raft of partners — including the FBI’s own cyber division, various attorney’s offices, and other law enforcement agencies — are continuing to track such thefts, which the FBI says are directly funding North Korea’s various missile and nuclear weapons programs.

The original theft took place in June 2022 when the hackers were able to use the login details of Harmony employees to compromise the company’s Horizon bridge, which is a connection layer between various currencies allowing users to move their assets between various networks.

The stolen funds were then laundered using a number of automated online services. Forty-one per cent went to the Tornado Cash mixer at the time, according to security company Elliptic Enterprises, which had been tracking the group.

However, the FBI reports that the remainder of the stolen crypto was only laundered recently.

The hackers used the RAILGUN privacy protocol to launder over US$60 million of Ethereum on 13 January this year. The funds were moved to a number of asset service providers before being converted into bitcoin.

“A portion of these funds were frozen, in coordination with some of the virtual asset service providers,” the FBI’s press office said in a statement. However, an unreported amount of bitcoin was then moved to 11 different addresses.

“The FBI will continue to expose and combat the DPRK’s use of illicit activities — including cyber crime and virtual currency theft — to generate revenue for the regime,” the statement concludes.

The Lazarus Group has been in operation since at least 2020.

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
