An analysis by blockchain researchers indicated that a hack that led to the theft of about $100 million in cryptocurrencies was likely carried out by state-sponsored hackers from North Korea.
The so-called blockchain bridge built by American cryptocurrency start-up Horizon was the target of hackers. Crypto traders employ the tool to move tokens between various networks.
According to a blog post released on Wednesday by blockchain analytics company Elliptic, there are “strong indicators” that the attack was planned by Lazarus Group, a hacking group with deep links to Pyongyang.
According to Elliptic, most of the funds were immediately converted to the cryptocurrency ether. The company added that the hackers have begun using Tornado Cash, a so-called “mixing” service meant to hide the trail of money, to launder the stolen assets. Ether valued at about $39 million has already been moved to Tornado Cash.
Elliptic states that it used “demixing” technologies to trace the stolen cryptocurrency sent through Tornado Cash to several new ether wallets. The results were confirmed by Chainalysis, another blockchain security company that is cooperating with Harmony to look into the hack.
The companies say that the way the attack was carried out and the subsequent laundering of the funds bear many resemblances to earlier crypto thefts allegedly committed by Lazarus, including:
- Targeting a “cross-chain” bridge: Lazarus was also convicted of hacking Ronin, a comparable business.
- Obtaining the passwords for a “multisig” wallet that requires only a few signatures to initiate transactions.
- Transferring money “programmatically” in small quantities every few minutes.
- The movement of money stopping during the evening hours in the Asia-Pacific region.
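The last two indicators are behavioural and can be checked against a wallet's outgoing transfer history. The following is an added example, not code from Elliptic, Chainalysis or the original article; the UTC+9 offset used for "Asia-Pacific", every threshold, and both sample data sets are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

# Assumption: UTC+9 stands in for "Asia-Pacific"; all thresholds below are illustrative.
APAC = timezone(timedelta(hours=9))

def cadence(times):
    """Return (median gap in seconds, share of gaps within 50% of the median)."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if not gaps:
        return None, 0.0
    med = median(gaps)
    return med, sum(abs(g - med) <= 0.5 * med for g in gaps) / len(gaps)

def longest_quiet_run(times, tz=APAC):
    """Longest run of consecutive local hours (wrapping midnight) with no transfer."""
    active = {t.astimezone(tz).hour for t in times}
    if not active:
        return 24
    best = run = 0
    for h in range(48):  # two laps so a run crossing midnight is counted whole
        run = 0 if h % 24 in active else run + 1
        best = max(best, run)
    return best

def assess(transfers, max_amount=100.0, max_gap=600, min_regular=0.8, min_quiet=6):
    """transfers: list of (UTC datetime, amount). Returns the indicator findings."""
    transfers = sorted(transfers)
    times = [t for t, _ in transfers]
    med, regular = cadence(times)
    findings = {
        "small_amounts": bool(transfers) and all(a <= max_amount for _, a in transfers),
        "steady_cadence": med is not None and med <= max_gap and regular >= min_regular,
        "quiet_hours": longest_quiet_run(times),
    }
    findings["match"] = (findings["small_amounts"] and findings["steady_cadence"]
                         and findings["quiet_hours"] >= min_quiet)
    return findings

def constructed_scripted(days=3):
    """Constructed data: 50-unit transfers every 5 minutes, 09:00-20:55 local time."""
    start = datetime(2022, 6, 27, 9, 0, tzinfo=APAC)
    return [((start + timedelta(days=d, minutes=5 * i)).astimezone(timezone.utc), 50.0)
            for d in range(days) for i in range(144)]

def constructed_organic(n=90):
    """Constructed control: uneven amounts every 47 minutes around the clock."""
    start = datetime(2022, 6, 27, 0, 0, tzinfo=timezone.utc)
    return [(start + timedelta(minutes=47 * i), 20.0 + 35 * (i % 7)) for i in range(n)]
```

A match on these indicators only narrows the set of wallets worth an analyst's attention; it is not attribution on its own, which is why the companies cite it alongside the other similarities.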
While it completes its inquiry into the loss, Harmony stated that it is “working on the several alternatives” to refund customers but emphasized that “more time is required.” In addition, the business offered a $1 million reward for information on the hack and the return of any stolen cryptocurrency.
North Korea has been accused of using bitcoin and carrying out cyberattacks to evade Western sanctions. Earlier this year, the U.S. Treasury Department blamed Lazarus for a $600 million theft from Ronin Network, a so-called “sidechain” for the well-known cryptocurrency game Axie Infinity.
In the past, North Korea has denied taking part in state-sponsored cyberattacks, including the 2014 Sony Pictures data leak.
The American government has made an effort to combat such theft and to penalize those who aid hackers. An American cryptocurrency expert named Virgil Griffith was given a 63-month prison term in April after being found guilty of traveling without permission to Pyongyang in 2019 to attend a seminar and impart knowledge to North Koreans about cryptocurrencies and their underlying infrastructure.
Three North Korean hackers have also been charged by the US with taking part in “a wide-ranging criminal conspiracy” that included stealing more than $1.3 billion from banks and cryptocurrency firms. Park Jin Hyok, one of the hackers, worked as an IT contractor for Chosun Expo in China, which American officials have labeled as a front for the Lazarus Group of North Korea.