The Federal Bureau of Investigation (FBI) has confirmed that Lazarus Group and APT38 are responsible for the $100 million Harmony Bridge hack in June 2022.
The North Korea-linked cyber group had long been suspected of involvement in the attack, but until now that involvement had not been confirmed by the authorities.
According to a January 23 statement, the FBI noted that “during our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, were responsible for the theft of $100 million in virtual currency from Harmony’s Horizon bridge.”
The Harmony Bridge hack in 2022 was the result of security holes in the Harmony Horizon Ethereum bridge that allowed cyber attackers to steal a number of assets stored on the bridge through 11 transactions.
The FBI also reported that earlier this month, North Korean hackers began moving about $60 million worth of stolen funds through the Ethereum-based RAILGUN privacy protocol. Blockchain sleuth ZachXBT previously reported this via Twitter on Jan. 16.
Notably, Binance also detected the hackers trying to launder funds through the Huobi crypto exchange and quickly helped Huobi freeze and recover the digital assets the hackers had deposited, according to CEO Changpeng Zhao.
“On Friday, January 13, 2023, North Korean cybercriminals used RAILGUN, a privacy protocol, to launder more than $60 million worth of Ethereum (ETH) stolen in a June 2022 heist,” the FBI said, adding that “some of these funds have been frozen in agreement with certain virtual asset service providers. The remaining bitcoins subsequently moved to the following addresses.”
In a statement, the FBI said its cybersecurity and virtual assets units, as well as the U.S. Attorney’s Office and the U.S. Department of Justice’s Cryptography Unit, continue to “detect and stop the theft and laundering by North Korea of virtual currency that is used to support North Korea’s Ballistic Missile Program and weapons of mass destruction.”
The Lazarus group is a well-known hacker syndicate that reportedly had a hand in a number of key exploits in the crypto industry and was allegedly behind the $600 million Ronin Bridge hack last March.
In April 2022, the US Department of the Treasury’s Office of Foreign Assets Control indicated as much by updating its list of Specially Designated Nationals and Blocked Persons (SDN) to include the Lazarus Group after the hack.
The same month, the FBI and the Cybersecurity and Infrastructure Security Agency also issued a warning about North Korean state-sponsored cyberthreats targeting blockchain companies in response to the Ronin Bridge hack.