FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft

January 24, 2023 | Rabbi Lakshmanan | Cryptocurrency / Cyber Crime


The US Federal Bureau of Investigation (FBI) confirmed on Monday that North Korean threat actors were responsible for stealing $100 million in cryptocurrency assets from the Harmony Horizon Bridge in June 2022.

Law enforcement agencies attribute the hack to the Lazarus Group and APT38. APT38 is a North Korean government-backed threat group that specializes in financial cyberattacks.

The FBI further said the Harmony intrusion leveraged an attack campaign called TraderTraitor that was uncovered by the US Cybersecurity and Infrastructure Security Agency (CISA) in April 2022.

The modus operandi was to use social engineering to trick employees of cryptocurrency companies into downloading rogue applications as part of a seemingly harmless recruitment drive.

“On Friday, January 13, 2023, North Korean cyber attackers used the privacy protocol RAILGUN to launder more than $60 million in Ethereum (ETH) stolen in the June 2022 robbery,” said the FBI. “Some of this stolen Ethereum was then sent to multiple virtual asset service providers and converted to Bitcoin (BTC).”

Some of the stolen funds were frozen in cooperation with virtual asset service providers, while the remaining bitcoins were said to have been transferred to 11 different wallets controlled by the attackers.

Notably, the movement of funds related to the Harmony One hack was first identified last week by a blockchain researcher who goes by the online alias ZachXBT. According to Binance founder Zhao Changpeng, 124 BTC (approximately $2.84 million at the time of writing) was recovered after the transfer was blocked.

A subsequent attempt to move the stash to another cryptocurrency exchange called Huobi was also thwarted, Zhao said in a tweet shared on January 16, 2023.

According to its own analysis, crypto tracking and anti-money laundering platform MistTrack said the ill-gotten gains were moved from the Bitcoin blockchain to the Avalanche, Ethereum, and Tron networks via cross-chain paths chosen to obfuscate the trail.

The cryptocurrency robbery is part of the malicious cyber operations organized by North Korea’s intelligence agency, the Reconnaissance General Bureau, which generate substantial income for the country, which is under economic sanctions, by stealing money from financial institutions (FASTCash and BeagleBoyz).

The development comes amid a series of ransomware attacks targeting DNV, Costa Rica’s Ministry of Public Works and Transport (MOPT), University of Duisburg-Essen, and Yum! Brands in recent weeks.

Data collected by blockchain analytics firm Chainalysis shows that ransomware attackers extorted at least $456.8 million from victims in 2022, down from peaks of $765 million and $766 million in 2020 and 2021, respectively.

“But that doesn’t mean the attack is down,” said a report released last week. “Instead, we attribute much of the decline to victim organizations increasingly refusing to pay ransomware attackers.”
