Wednesday, January 25, 2023

FBI: North Korean Hackers Behind $100M Horizon Bridge Theft

Jesse Hamilton
Mon, January 23, 2023 











A pair of North Korean hacker groups were behind the June theft of $100 million in crypto assets from Horizon Bridge, the Federal Bureau of Investigation (FBI) said in a Monday statement.

Horizon Bridge, a service enabling crypto assets to be traded between the Harmony blockchain and other blockchains, was drained of ether (ETH), tether (USDT) and wrapped bitcoin (wBTC). The FBI said that the hackers – “cyber actors associated with the [Democratic People's Republic of Korea]” – relied on a malware campaign known as “TraderTraitor” in the Harmony attack.

Two weeks ago, a privacy protocol, Railgun, was used to launder more than $60 million in ETH stolen during last year’s theft, according to the FBI. A portion of it was sent to other service providers and changed to bitcoin. Some of the funds were frozen, and others were moved to addresses identified in the agency’s statement.

At least one industry research firm had already partially come to the same conclusion on the identity of the attackers last year, identifying Lazarus and North Korea.

U.S. authorities said that North Korea’s thefts of crypto and laundering of the assets are used “to support North Korea’s ballistic missile and Weapons of Mass Destruction programs,” according to the statement.

Lazarus Group had previously been accused of stealing more than $600 million of cryptocurrency from the Axie Infinity-linked Ronin bridge.


FBI accuses North Korean government hackers of stealing $100M in Harmony bridge theft




Lorenzo Franceschi-Bicchierai
Tue, January 24, 2023 

The FBI accused two groups of North Korean government hackers of carrying out last year’s heist of $100 million in crypto stolen from a company that allows users to transfer cryptocurrency from one blockchain to another.

On Monday, the FBI announced that the Lazarus Group and APT38 — two groups linked to the North Korean government by both cybersecurity companies and government agencies — were responsible for the hack against the Horizon bridge, created by the U.S. company Harmony, in June 2022.

Citing cybersecurity experts, Reuters reported last year that North Korea was likely the culprit of the hack, which exploited a vulnerability in the bridge to steal various cryptocurrency assets, such as Ethereum, Binance Coin, Tether, USD Coin, and Dai.

The FBI said that on January 13, the North Korean hackers used RAILGUN, a crypto “privacy protocol,” to launder $60 million in Ethereum stolen from Harmony.

“A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC),” the FBI said in its announcement. “A portion of these funds were frozen, in coordination with some of the virtual asset service providers.”

The FBI also published 11 cryptocurrency wallets to which the remaining $40 million in stolen bitcoin was moved.

North Korea has a long history of targeting cryptocurrency companies to raise money for the regime, which sees crypto as a way to evade international sanctions and to fund its nuclear weapons program. Last year, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department published an advisory detailing North Korea’s activities targeting crypto companies.

According to South Korea’s National Intelligence Service, North Korea has stolen around $1.2 billion worth of crypto in the last five years, including $626 million in 2022 alone.

Harmony’s Horizon is a so-called blockchain bridge, also known as a cross-chain bridge: a tool that allows users to transfer digital assets from one blockchain to another, making blockchains created by different companies interoperable. Several of these bridges have had serious vulnerabilities, making them a favorite target for hackers.

“Blockchain bridges have become the low-hanging fruit for cyber-criminals, with billions of dollars worth of crypto assets locked within them,” Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic, told CNBC last year. “These bridges have been breached by hackers in a variety of ways, suggesting that their level of security has not kept pace with the value of assets that they hold.”

Chainalysis, another blockchain analytics firm, estimated that around $1.4 billion was stolen from blockchain bridges last year.


FBI says N. Korea-related hacker group behind U.S. crypto firm heist



Mon, January 23, 2023 

(Reuters) - A hacker group associated with North Korea, the Lazarus Group, also known as APT38, was responsible for the theft last June of $100 million from U.S. crypto firm Harmony's Horizon bridge, the Federal Bureau of Investigation said on Monday.

On Jan. 13, North Korean cyber actors used a privacy protocol called Railgun to launder over $60 million worth of ethereum stolen during the theft in June, the FBI said in a statement.

A portion of the stolen ethereum was subsequently sent to several virtual asset providers and converted to bitcoin, the FBI said.

The FBI said North Korea's theft and laundering of virtual currency is used to support its ballistic missile and Weapons of Mass Destruction programs.

In June last year, California-based Harmony said that a heist had hit its Horizon bridge, which was the underlying software used by digital tokens such as bitcoin and ether for transferring crypto between different blockchains.

Reuters in June reported that North Korean hackers were most likely behind the attack on Harmony, citing three digital investigative firms.

Harmony develops blockchains for decentralized finance - peer-to-peer sites that offer loans and other services without traditional gatekeepers such as banks - and non-fungible tokens.

(Reporting by Sneha Bhowmik in Bengaluru; Editing by Leslie Adler)
