Lazarus Group of North Korea Under Suspicion of Carrying Out Harmony Cryptocurrency Heist of $100 Million

According to a blockchain provider investigating the heist, the method chosen by the hackers bears a resemblance to Lazarus' laundering style.

A well-known North Korean hacker group, Lazarus, is suspected of having carried out a US$100 million heist on California-based blockchain firm Harmony, on Wednesday.

The firm stated that its software, Horizon Bridge, which is responsible for the transfer of crypto between different blockchains, was targeted by the hackers last week.

According to Elliptic Enterprises, a blockchain analysis provider that monitors illicit activities in cryptocurrencies, the Lazarus group is the prime suspect, as the method chosen bears a striking resemblance to their laundering style.

North Korean Lazarus Group
Twitter

The analysis provider further mentioned that, in order to gain access to the Bridge, the group initially focused on the username and password credentials of Harmony employees in the Asia-Pacific region, Bloomberg reported.

With the help of automated laundering services, they transferred the funds during Asia-Pacific nighttime hours. This is one of the most common methods adopted by Lazarus.

The hacker then proceeded to successfully transfer 41% of the US$100 million to the Tornado Cash Ethereum mixer by Wednesday. Mixing ETH is a privacy measure designed to blur the transaction trail.

"There are strong indications that North Korea's Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds," Elliptic wrote in a blog published on Wednesday.

In an effort to reassure its users, Horizon also took to Twitter to announce that experts are working to 'gather wallet data' and are developing strategies to combat the aftereffects of the heist.

This hack was in many ways similar to the recent US$600 million Ronin Bridge attack, also attributed to Lazarus by the US Treasury Department, as per Elliptic.

While the US Department of Homeland Security has reiterated on several occasions since 2020 that the hacker group is sponsored by the government of North Korea, the East Asian country continues to deny any links to the cyber thefts.
