North Korea Likely Behind $100M Horizon Crypto Hack: Experts
Written by admin

A photo illustration showing the North Korean flag and a hacker.

Budrul Chukrut | SOPA Images | LightRocket | Getty Images

North Korean state-sponsored hackers were likely the perpetrators of an attack that led to the theft of around $100 million worth of cryptocurrency, according to analysis by blockchain researchers.

The hackers targeted Horizon, a so-called blockchain bridge developed by US crypto firm Harmony. Cryptocurrency traders use the tool to exchange tokens between different networks.

There are “strong indications” that the Lazarus Group, a hacking collective with strong ties to Pyongyang, orchestrated the attack, blockchain analytics firm Elliptic said in a blog post on Wednesday.

Most of the funds were immediately converted to the cryptocurrency ether, Elliptic said. The firm added that the hackers began laundering the stolen assets through Tornado Cash, a so-called “mixing” service that seeks to hide the trail of funds. So far, around $39 million worth of ether has been sent to Tornado Cash.

Elliptic says it used “demixing” tools to track stolen crypto sent via Tornado Cash to several new ether wallets. Chainalysis, another blockchain security firm that is working with Harmony to investigate the attack, backed up the findings.

According to the companies, the manner in which the attack and subsequent laundering of funds were carried out bears a number of similarities to previous cryptocurrency thefts believed to have been perpetrated by Lazarus, including:

  • Targeting a “cross-chain” bridge: Lazarus was also accused of hacking another such service called Ronin
  • Compromising passwords to a “multisig” wallet that requires only a few signatures to initiate transactions
  • “Programmatic” transfers of funds in increments every few minutes
  • Fund movement stops during Asia-Pacific overnight hours

Harmony said it is “working on various options” to reimburse users while it investigates the theft, but stressed that “more time is needed.” The company also offered a $1 million reward for the return of stolen crypto and information about the hack.

North Korea has frequently been accused of carrying out cyberattacks and exploiting cryptocurrencies to circumvent Western sanctions. Earlier this year, the US Treasury Department blamed Lazarus for a $600 million heist on the Ronin Network, the so-called “sidechain” of the popular cryptocurrency game Axie Infinity.

North Korea has denied involvement in state-sponsored cyberattacks in the past, including a 2014 data breach targeting Sony Pictures.
