The US Federal Bureau of Investigation (FBI) has confirmed that Lazarus group and APT38, two hacking outfits linked to North Korea, were behind the theft of around $100 million in cryptocurrency last year.
In June 2022, hackers stole $100 million in cryptocurrency in the attack on the Horizon bridge, which traders use to swap digital tokens between different blockchain networks.
It was suspected from the start that the hacking of Horizon – which belongs to California-based Harmony blockchain – was executed by hackers linked to the Lazarus group. The FBI has now confirmed that it believes this to be true.
“Through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK [North Korea], are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon Bridge, reported on June 24, 2022,” it said in a press release.
The agency also confirmed that on January 13, North Korean cyber actors used Railgun, a privacy protocol, to launder $64 million worth of ethereum – a cryptocurrency – stolen during the June 2022 heist.
A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin. However, some of these funds were “frozen, in coordination with certain virtual asset service providers,” said the FBI.
Lazarus has been known for targeting casinos, banks, cryptocurrency firms, and the defense industry of Israel, and is believed to be backed by Pyongyang.
In 2022, the North Korea-linked collective shifted its attention to the Decentralized Finance (DeFi) industry and cross-chain bridges. It was blamed by the US Treasury for the $625 million Ronin Bridge hack that took place in March that year.
The FBI said it continues “to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and weapons of mass destruction programs.”
The North Korean regime is widely believed to back cybercrime: around 6,000 hackers allegedly work for the state and operate in over 150 countries, and a tenth of North Korea’s gross domestic product is said to stem from cybercrime – specifically, fraud, theft, and ransomware, a US Army report named “North Korean tactics” said in 2020.
“Simply put,” the former US Assistant Attorney General for National Security John Demers remarked in February 2021, “the regime has become a criminal syndicate with a flag.”