Lazarus Group of North Korea behind Harmony attack

North Korean Lazarus Group Believed To Be Behind $100M Harmony Hack

  • North Korea’s Lazarus Group is believed to be behind the $100 million attack on Harmony Protocol’s Horizon bridge.
  • Blockchain forensics company Elliptic said that there were several signs that suggested Lazarus executed the attack.
  • North Korea is suspected to be behind several attacks on the DeFi market, catching the attention of authorities worldwide.

North Korean hackers are the main suspects behind the $100 million hack of the Harmony Protocol, according to blockchain forensics company Elliptic Enterprises. The company said that “there are strong indications” that North Korea stole the ether, 41% of which has moved through the Tornado Cash mixing service.

Harmony’s Horizon Bridge was hacked last week, leading the team to shut down the bridge and contact authorities. The team also notified exchanges, hoping to limit how much the attackers could make off with. One individual had pointed out vulnerabilities in the bridge earlier, on April 1.

Elliptic has the tools to demix funds that have passed through Tornado Cash. The assertion that North Korea was behind the attack was “based on the nature of the hack and the subsequent laundering of the stolen funds.” The company does point out that there is no single piece of irrefutable evidence that the Lazarus Group perpetrated the attack.

Elliptic points out several key strategies in the attack that are representative of Lazarus’ style. These include using social engineering attacks on the team to compromise the cryptographic keys of a multi-signature wallet, focusing on targets in the Asia-Pacific region, the automated deposit of funds into Tornado Cash, and the movement of funds during Asia-Pacific nighttime hours.

Harmony has offered a $1 million bounty for the return of the stolen funds. But if Lazarus is truly behind the attack, then Harmony isn’t getting those funds back.

North Korea Targeting Crypto Projects To Fund Weapons Programs

North Korea is known to be behind several cryptocurrency attacks, with the country’s Lazarus Group being responsible for billions of dollars in theft from the DeFi market. The group is also suspected to be behind the $615 million attack on the Ronin Bridge.

The Lazarus Group has caught the attention of U.S. lawmakers. The U.S. Treasury called out the group for attacking critical infrastructure. The funds from its cybercrimes are being used to pay for North Korea’s weapons program. The U.S. Treasury has also sanctioned the Blender.io mixer because it was used by Lazarus.

Of course, North Korea has denied the rumors. There will continue to be attacks on the DeFi market, and projects will have to step up their security to ensure no attacks are successful.