Notorious North Korean hacker group identified as suspect in $100M Harmony attack

The Lazarus Group, a well-known North Korean hacking syndicate, has been identified as the prime suspect in the recent attack in which $100 million was stolen from the Harmony protocol.

According to a new report published today by blockchain analytics firm Elliptic, the way Harmony’s Horizon Bridge was hacked and the way stolen digital assets were laundered bear a striking resemblance to other Lazarus Group attacks.

“There is strong evidence that the North Korean Lazarus Group is responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen money.”

In addition, Elliptic outlined exactly how the heist was carried out, noting that The Lazarus Group targeted the credentials of Harmony employees in the Asia-Pacific region to breach the protocol’s security system. After taking control of the protocol, the hackers implemented automated money laundering programs that moved the stolen assets late at night.

Elliptic also noted that the hackers have already transferred more than 40% of the $100 million to Tornado Mixer, an Ethereum-based “mixing service” that obfuscates transaction data and makes it extremely difficult for researchers to track the movement of funds.

Initially, the Harmony team offered a $1 million bounty as an incentive for the hackers to return the money. However, on June 29, Harmony increased the premium to $10 million, claiming that a full refund of the money would halt the investigation and no further criminal charges would be initiated.

The $600 million Ronin bridge hack, which took place in April, has also been linked back to The Lazarus Group. Due to current market conditions, the value of the stolen Ether (ETH) has fallen by more than 60% to $230 million.

A recent report from Coinclub.com indicates that North Korea has deployed 7,000 full-time hackers to raise money through cyberattacks, ransomware and crypto protocol hacks. North Korea is the global leader in cryptocurrency-related crime, with more than 15 documented cyber theft cases amounting to approximately $1.59 billion in stolen funds.

Related: Harmony Hacker Sends Stolen Money To Tornado Cash Mixer

Harmony’s Horizon Bridge is the latest addition to a growing list of token bridges that have been attacked, including Meter, Wormhole and Ronin, bringing the total amount of bridge token-related theft to just over $1 billion in 2022 alone.

The biggest token bridge to be hacked was Poly Network in 2021, which lost $610 million that was almost completely returned.