Researchers believe that North Korea is responsible for the $100 million crypto robbery



There are “strong indications” that Lazarus Group, a hacking collective with strong ties to Pyongyang, orchestrated the attack, blockchain analytics firm Elliptic said in a blog post on Wednesday.

An investigation by blockchain researchers suggests that a hack that resulted in the theft of about $100 million in cryptocurrencies was likely carried out by state-sponsored hackers from North Korea.

The so-called blockchain bridge created by American cryptocurrency start-up Horizon was the target of hackers. Crypto traders use the tool to transfer tokens between several networks.

According to a blog post published on Wednesday by blockchain analytics company Elliptic, there are “strong indicators” that the attack was planned by Lazarus Group, a hacking group with close ties to Pyongyang.

According to Elliptic, the majority of the money was quickly converted to the cryptocurrency ether. The company went on to say that the hackers have begun using Tornado Cash, a so-called “mixing” service meant to hide the trail of money, to launder the stolen assets. Ether valued at about $39 million has already been transferred to Tornado Cash.

Elliptic claims that, using “demixing” technologies, it tracked the stolen cryptocurrency as it moved through Tornado Cash to a number of new ether wallets. The conclusions were supported by Chainalysis, another blockchain security company that is collaborating with Harmony to look into the hack.

According to the companies, the way the attack was carried out and the subsequent laundering of funds bear a number of similarities with previous crypto thefts believed to be perpetrated by Lazarus, including:

  • Targeting of a “cross-chain” bridge — Lazarus was also accused of hacking another such service called Ronin
  • Compromising passwords to a “multisig” wallet that requires only a couple of signatures to initiate transactions
  • “Programmatic” transfers of funds in increments every few minutes
  • The movement of funds stops during Asia-Pacific nighttime hours

While conducting its investigation into the loss, Harmony stated that it is “working on several possibilities” to refund subscribers, but emphasized that “more time is needed.” In addition, the business announced a $1 million reward for information on the hack and the return of any stolen cryptocurrency.

North Korea has been charged with using bitcoin and conducting cyberattacks to evade Western sanctions. The U.S. Treasury Department blamed Lazarus for a $600 million theft that occurred on Ronin Network, a so-called “sidechain” for the well-known cryptocurrency game Axie Infinity, earlier this year.

In the past, North Korea has denied involvement in state-sponsored cyberattacks, including the 2014 Sony Pictures data leak.

