N.Korean hackers stole $100 mn in crypto from Harmony Blockchain bridge

Cyber-security researchers have linked North Korea-backed notorious Lazarus Group with stealing $100 million worth digital tokens from Harmony, the crypto startup behind Horizon Blockchain Bridge.

The Lazarus Group has perpetrated several large cryptocurrency thefts totalling over $2 billion, and has recently turned its attention to Decentralised Finance (DeFi) services such as cross-chain bridges, according to London-based blockchain analysis provider Elliptic.

The same group is believed to be behind the $540 million hack of Ronin Bridge.

“The theft was perpetrated by compromising the cryptographic keys of a multi-signature wallet — likely through a social engineering attack on Harmony team members. Such techniques have frequently been used by the Lazarus Group,” the researchers wrote in a blog post.

Harmony admitted that a malicious attack happened on its proprietary Horizon Ethereum Bridge and multiple transactions occurred that compromised the bridge with 11 transactions that extracted tokens stored in the bridge.

“The estimated value at the time of the attack was approximately $100 million,” the US-based company said in a statement late last month.

The hackers stole various digital tokens like Ethereum, Binance Coin, Tether, USD Coin and Dai.

The Horizon Bridge hacker has so far sent 41 per cent of the $100 million in stolen crypto assets into the ‘Tornado Cash’ mixer, said the researchers.

Mixers such as Tornado Cash are used to hide the transaction trail.

“By sending these funds through Tornado, the thief is attempting to break the transaction trail back to the original theft. This makes it easier to cash out the funds at an exchange,” said Elliptic.

In April this year, hackers stole nearly $180 million in cryptocurrency from Beanstalk Farms, a decentralised finance (De-Fi) project.

The FBI in April blamed North Korean hacker group Lazarus for stealing $625 million in cryptocurrency from the Ronin Network, owned by developer group Sky Mavis.

In January this year, hackers stole crypto tokens worth $120 million from Blockchain-based decentralised finance (DeFi) platform BadgerDAO.




Please enter your comment!
Please enter your name here