North Korea's Lazarus Group masterminded $100M Harmony hack: FBI confirms

1 year ago

The FBI also confirmed earlier reports this month by figures such as ZachXBT that the hackers had started moving a large chunk of the funds around via privacy protocols.

The Federal Bureau of Investigation (FBI) has confirmed the Lazarus Group and APT38 as the culprits behind the $100 million Harmony Bridge hack from June 2022.

The North Korea-linked cyber group had long been suspected of being behind the attack, but their involvement hadn’t been confirmed by authorities until now.

According to a Jan. 23 statement, the FBI noted that “through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge.”

The Harmony Bridge hack in 2022 was the result of security holes in Harmony’s Horizon Ethereum bridge, which allowed the cyber attackers to swipe a number of assets stored in the bridge via 11 transactions.

The FBI also outlined that the North Korean hackers started shifting around $60 million worth of the stolen funds earlier this month via the Ethereum-based privacy protocol RAILGUN. Blockchain sleuth ZachXBT previously highlighted such via Twitter on Jan. 16.

Notably, Binance also detected the hackers were trying to launder the funds through the Huobi crypto exchange, and then promptly assisted it in freezing and recovering the digital assets deposited by the hackers, according to CEO Changpeng Zhao.

“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist,” the FBI stated, adding that “a portion of these funds were frozen, in coordination with some of the virtual asset service providers. The remaining bitcoin subsequently moved to the following addresses.”

In its statement, the FBI said its cyber and virtual assets units, as well as the U.S. Attorney's Office and the U.S. Justice Department's crypto unit, have continued “to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs.”

The Lazarus Group is a well-known hacking syndicate that has reportedly had a hand in a number of key exploits in the crypto industry, and has been alleged to have been behind the $600 million Ronin Bridge hack from March last year.

In April 2022, the United States Treasury Department Office of Foreign Assets Control indicated as such, by updating its Specially Designated Nationals and Blocked Persons (SDN) list to include the Lazarus Group following the hack.

That same month, the FBI and Cybersecurity and Infrastructure Security Agency also fired off a warning alert concerning North Korean state-sponsored cyber threats that target blockchain companies in response to the Ronin Bridge hack.
