
FBI links Lazarus Group to Harmony’s $100M bridge attack

The Federal Bureau of Investigation (FBI) has identified the hacker group Lazarus Group, also known as APT38, as the main suspect in the infamous Harmony heist in June 2022.

The FBI arrived at its conclusion in an investigation that spanned over six months and involved collaboration with the National Cryptocurrency Enforcement Team and the U.S. Attorney’s Offices of California and the District of Columbia. The FBI’s own Cyber Division and Virtual Assets Unit led the investigations to freeze a portion of the stolen funds.

“Through our investigation, we were able to confirm that the Lazarus Group (also known as APT38) cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge reported on June 24, 2022,” the FBI said.

In June 2022, the virtual currency platform announced that it had been attacked, leading to the loss of $100 million worth of tokens on its Ethereum-linked bridge. The hackers targeted the bridge’s multi-signature wallet, which led to the losses of Ethereum (ETH), Tether (USDT), and USD Coin (USDC) tokens.

Law enforcement agencies moved to track the stolen funds, with the FBI reporting that collaboration with some virtual currency service providers led to the seizure of the funds from the bad actors. The FBI notes that the hackers used the privacy protocol RAILGUN to launder and convert $60 million worth of ETH to BTC.

Despite using the tool, the FBI’s investigators traced that BTC to 11 addresses as it intensified efforts to crack down on the gang’s activities.

Lazarus Group has been confirmed to receive support from North Korea’s government, a claim backed by several security agencies. The latest statement from the FBI confirms that the funds from the Harmony heist are “used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs.”

North Korean hackers leave a trail of destruction in their wake

Since 2017, North Korean hacking groups have been responsible for stealing over $1.2 billion in virtual currencies. In 2022, South Korea’s National Intelligence Service reported that North Korea’s state-sponsored hacking cells were responsible for pilfering over $600 million from digital asset platforms and users.

Lazarus Group was fingered in Ronin’s over $600 million hack and a spree against financial institutions in Southeast Asia.

To reduce the effects of the marauding hacking groups, the U.S. Treasury Department imposed sanctions on Tornado Cash, a coin mixer regularly deployed by bad actors to launder their loot.
