Last week, blockchain analytics investigators linked the theft of $100 million in crypto assets to the infamous North Korea-based cybercriminal group Lazarus. The company said it had tracked some of the stolen cryptocurrency being moved to so-called mixers, services used to launder such fraudulently obtained funds.
Blockchain startup Harmony announced on June 23 that Horizon Bridge, a cross-chain bridge service used to transfer assets between Harmony's blockchain and other blockchains, had been attacked. Cryptocurrency assets including Ethereum, wrapped Bitcoin, Binance Coin and Tether were stolen.
According to blockchain analytics firm Elliptic, the attackers quickly used the decentralized exchange Uniswap to convert most of the stolen assets into 85,837 Ethereum.
A few days later, the thief began moving the Ethereum to Tornado Cash, a mixer used to launder stolen assets. As of June 29, the attackers had moved about 35,000 Ethereum (about $39 million) to Tornado Cash, and the process was ongoing, Elliptic researchers wrote in a blog post.
"By sending these funds through Tornado, the thieves are trying to break the transaction trail back to the original theft, which makes it easier to cash out the funds at an exchange," they wrote.
Using the company's proprietary Tornado demixing technique, Elliptic researchers were able to trace funds laundered through Tornado Cash to several new Ethereum wallets. They also suggested that exchanges and other cryptocurrency businesses can use Elliptic's transaction screening software to detect whether they have received deposits originating from the Horizon Bridge hack.
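As an added illustration, not Elliptic's software or anything from the article, the following Python sketch shows one way a deposit-screening check can propagate taint from known theft addresses through a transaction graph and flag an exchange deposit whose tainted share exceeds a threshold. All addresses, transaction ids and amounts are constructed for the example, and the pro-rata (proportional) taint policy per address is an assumption of this example; real screening products use several different attribution policies.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Transfer:
    """One on-chain transfer; amounts are in ETH (constructed data)."""
    tx: str
    sender: str
    recipient: str
    amount: float


@dataclass
class Balance:
    """Per-address balance split into clean and tainted portions."""
    clean: float = 0.0
    tainted: float = 0.0

    def total(self) -> float:
        return self.clean + self.tainted

    def tainted_fraction(self) -> float:
        return self.tainted / self.total() if self.total() > 0 else 0.0


def propagate_taint(
    transfers: List[Transfer],
    theft_addresses: List[str],
    initial_balances: Dict[str, float],
) -> Tuple[Dict[str, Balance], Dict[str, float]]:
    """Walk transfers in chronological order (assumed sorted by caller).

    Every outgoing transfer carries the sender's current tainted fraction
    (pro-rata policy, an assumption of this example). Returns the final
    balances and the tainted amount carried by each transaction id.
    """
    balances: Dict[str, Balance] = {}
    for addr, amt in initial_balances.items():
        if addr in theft_addresses:
            balances[addr] = Balance(tainted=amt)   # proceeds of the theft
        else:
            balances[addr] = Balance(clean=amt)

    taint_by_tx: Dict[str, float] = {}
    for t in transfers:
        src = balances.setdefault(t.sender, Balance())
        if t.amount > src.total() + 1e-12:
            raise ValueError(f"{t.tx}: {t.sender} overdrawn")
        frac = src.tainted_fraction()
        tainted_part = t.amount * frac
        clean_part = t.amount - tainted_part
        src.tainted -= tainted_part
        src.clean -= clean_part
        dst = balances.setdefault(t.recipient, Balance())
        dst.tainted += tainted_part
        dst.clean += clean_part
        taint_by_tx[t.tx] = tainted_part
    return balances, taint_by_tx


def screen_deposit(transfer: Transfer, taint_by_tx: Dict[str, float],
                   threshold: float = 0.1) -> Tuple[float, float, bool]:
    """Return (tainted ETH, tainted fraction, flagged) for one deposit."""
    tainted = taint_by_tx.get(transfer.tx, 0.0)
    fraction = tainted / transfer.amount if transfer.amount > 0 else 0.0
    return tainted, fraction, fraction >= threshold


def run_example() -> Dict[str, Tuple[float, float, bool]]:
    """Constructed scenario: a theft wallet and a clean wallet both fund an
    intermediate hop, which then deposits to an exchange."""
    theft, legit, hop, exch = "0xTHEFT", "0xLEGIT", "0xHOP1", "0xEXCHANGE"
    transfers = [
        Transfer("tx1", theft, hop, 40.0),   # stolen funds move to a hop wallet
        Transfer("tx2", legit, hop, 60.0),   # clean funds are commingled
        Transfer("tx3", hop, exch, 50.0),    # deposit: 40% tainted by pro-rata
        Transfer("tx4", legit, exch, 10.0),  # clean direct deposit
    ]
    _, taint_by_tx = propagate_taint(
        transfers, [theft], {theft: 100.0, legit: 100.0})
    deposits = [t for t in transfers if t.recipient == exch]
    return {t.tx: screen_deposit(t, taint_by_tx) for t in deposits}


if __name__ == "__main__":
    for tx, (tainted, frac, flagged) in run_example().items():
        print(f"{tx}: tainted={tainted:.2f} ETH ({frac:.0%}) flagged={flagged}")
```

Mixers deliberately break the on-chain link this walk relies on, which is why the article's "demixing" step is heuristic: in practice the post-mixer wallets Elliptic attributes would be added to the theft address list before screening.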
Analysis of the attack found a combination of factors indicating that the Lazarus Group was involved. The gang has recently stolen over $2 billion across multiple cryptocurrency thefts, focusing on decentralized finance (DeFi) services such as cross-chain bridges. Lazarus is suspected of being behind the theft of at least $540 million in last month's hack of Ronin Bridge, an Ethereum-based network that supports the blockchain video game Axie Infinity.
There were similarities between the Horizon Bridge and Ronin Bridge attacks, including the way deposits into Tornado were automated.
The U.S. Treasury identified Lazarus – also known as AppleWorm, APT-C-26 and Hidden Cobra – as the likely perpetrator behind the Ronin Bridge breach and announced new sanctions against a Lazarus Ethereum wallet.
The researchers also said that the Horizon Bridge attack was carried out by compromising the cryptographic keys of a multi-signature wallet, most likely through a social engineering attack on Harmony employees. Although Harmony is US-based, many of its core team members have been noted as having links to the Asia-Pacific region, and the periods during which the stolen funds were not being moved out of Tornado Cash coincide with night time in that region.
They wrote that all of those indicators pointed to Lazarus.
In its latest update this week, Harmony said a "global search for the criminals" is underway, that all exchanges have been notified, and that law enforcement and Harmony's partners Chainalysis and AnChain AI are investigating.
It also reaffirmed the July 4 deadline for the hackers to anonymously return the crypto assets and keep $10 million. At the same time, the company is offering a $10 million bounty for information leading to the return of the funds and the arrest of the hackers.
In April, three U.S. agencies warned about Lazarus' growing interest in the cryptocurrency market, which the gang has been targeting since at least 2020; last year they issued a warning about Lazarus' AppleJeus malware, used to steal cryptocurrencies.
North Korean hacking group targeting crypto
Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4, told The Register that North Korean hacking groups have long targeted traditional financial funds and are now focusing on cryptocurrencies. The main reason is that it is difficult to reverse a transaction once an attack has occurred.
“In traditional finance, if someone steals something of value, it’s pretty easy to identify the theft, cancel the transaction, and get the victim back again,” Grimes said.
"Cryptocurrencies are similar to bearer bonds. The owner of a bearer bond is the 'legal' owner of the bond and its associated value, even if it is stolen. Most cryptocurrencies and their associated blockchains do not have a mechanism to cancel the transfer of value. Even if the transfer is illegal or unethical in every possible way, the thief can laugh in everyone's face and say, 'I apologize for the bad luck.'"
Given the large number of scams and thefts associated with cryptocurrencies and other DeFi projects, many of these groups are working on ways to undo or limit the damage caused by theft and scams. But that's not easy, he said.
"Much of the crypto and DeFi industry is fighting these new reversal mechanisms, because they start to make transactions look more regulated and closer to the regular currencies and banks that much of the online industry essentially dislikes," Grimes said. "While the crypto and DeFi industry is fighting tighter regulation, thieves like this North Korean hacking group will continue to take advantage."
However, as long as people can be robbed with no recourse, the number of participants will not grow significantly, and increased regulation and surveillance may be needed. ®