FBI: North Korean hackers took $100 million from Harmony crypto hack

The FBI has confirmed that the North Korean state-sponsored hacking groups Lazarus and APT38 are responsible for the theft of $100 million worth of Ethereum from Harmony Horizon in June 2022.

Harmony Horizon, an Ethereum cross-chain bridge that June 2022. This breach allowed hackers to take control of the MultiSigWallet contract to send large amounts of tokens directly to addresses.

that explains the technical aspects of the attack. It also includes details about the attack’s flow and steps taken by threat actors to siphon millions.

The FBI confirmed yesterday that the attacks were carried out by two North Korean hackers, Lazarus (APT38) and .

“Through our investigations, we were able to confirm that APT38 and the Lazarus Group, cyber actors associated with the DPRK, are responsible for the theft of $100 million worth of virtual currency from Harmony’s Horizon bridge on June 24, 2022.” – .

APT38 and Lazarus hacking groups have been linked to the Democratic People’s Republic of Korea and have a history of taking cryptocurrency assets for the government.

According to the FBI, North Korean hackers have stolen and laundered virtual currency in order to fund their ballistic missile defense and weapons of mass destruction programs.

The FBI was able to link Lazarus to the heist because of last week’s laundering efforts by one threat group.

The hackers ($63.5 Million) via Railgun, before depositing funds at multiple addresses on three cryptocurrency exchanges.

These addresses are at least under the direct supervision of the Lazarus Group.

The hackers converted some of the funds to Bitcoin. The FBI worked closely with virtual asset service providers to seize an unknown portion.

According to the FBI, the rest of the converted funds can be found at the following Bitcoin addresses.

that they had intercepted 124 BTC from Harmony Horizon. This was approximately $2.5 Million.

All accounts involved in laundering were also frozen.

Past Lazarus Attacks

North Korean hackers are known for targeting cryptocurrency companies in order to seize assets and fund their nation’s projects.

Lazarus started targeting crypto users with , and in order to steal victim’s wallets.

The U.S. Treasury and the FBI connected the Lazarus Group with of Ethereum and USDC tokens of the blockchain-based game Axie.

Later, it was revealed that hackers carried out this attack by sending an with a job offer to one of the blockchain’s engineers.