The US Federal Bureau of Investigation (FBI) confirmed on Monday that North Korean threat actors were responsible for stealing $100 million in cryptocurrency assets from the Harmony Horizon Bridge in June 2022.
Law enforcement officials attributed the hack to the Lazarus Group and APT38. The latter is a North Korean government-backed threat group that specializes in financial cyber operations.
The FBI further said the Harmony intrusion leveraged an attack campaign called TraderTraitor that was uncovered by the US Cybersecurity and Infrastructure Security Agency (CISA) in April 2022.
The campaign used social engineering to trick employees of a cryptocurrency company into downloading a rogue application as part of a seemingly harmless recruitment drive.
“On Friday, January 13, 2023, North Korean cyber actors used the privacy protocol RAILGUN to launder more than $60 million in Ethereum (ETH) stolen in the June 2022 robbery,” the FBI said. “Some of this stolen Ethereum was then sent to multiple virtual asset service providers and converted into Bitcoin (BTC).”
Some of the stolen funds were frozen in cooperation with virtual asset service providers, while the remaining bitcoins were said to have been transferred to 11 different wallets controlled by the attackers.
Notably, the movement of funds related to the Harmony One hack was first found last week by a blockchain researcher who goes by the online alias ZachXBT. According to the founder of Binance, Zhao Changpeng, 124 BTC (approximately $2.84 million at the time of writing) was recovered after the transfer was blocked.
A subsequent attempt to move the stash to another cryptocurrency exchange called Huobi was also thwarted, Zhao said in a tweet shared on January 16, 2023.
In its own analysis, crypto tracking and anti-money laundering platform MistTrack said the ill-gotten gains were moved from the Bitcoin blockchain to the Avalanche, Ethereum, and Tron networks via cross-chain paths chosen to obfuscate the trail.
The cryptocurrency robbery is part of the malicious cyber operations orchestrated by North Korea’s intelligence agency, the Reconnaissance General Bureau, which steal money from financial institutions (FASTCash and BeagleBoyz) to generate substantial income for the sanctioned country.
The development also comes amid a series of ransomware attacks targeting DNV, the Ministry of Public Works and Transport of Costa Rica (MOPT), the University of Duisburg-Essen, and Yum! Brands in the past few weeks.
Data collected by blockchain analytics firm Chainalysis shows that ransomware attackers extorted at least $456.8 million from victims in 2022, down from peaks of $765 million and $766 million in 2020 and 2021, respectively.
“But that doesn’t mean the attack is down,” Chainalysis said in a report released last week. “Instead, we attribute much of the decline to victim organizations increasingly refusing to pay ransomware attackers.”