The FBI also confirmed earlier this month reports by people such as ZachXBT that the hackers had begun moving a major portion of the monies around using privacy mechanisms.
The FBI has identified the Lazarus Group and APT38 as the perpetrators of the $100 million Harmony Bridge Hack that occurred in June 2022.
Authorities had long assumed a North Korean-linked cyber gang was behind the hack, but their involvement had not been proved.
According to a Jan. 23 statement, the FBI “confirmed that the Lazarus Group and APT38, cyber actors affiliated with the DPRK, are responsible for the theft of $100 million in virtual currency from Harmony’s Horizon bridge.”
The Harmony Bridge hack in 2022 was caused by security flaws in Harmony’s Horizon Ethereum bridge, allowing cyber attackers to steal a lot of assets kept on the bridge via 11 transactions.
The FBI also stated that the North Korean hackers began transferring approximately $60 million in stolen assets earlier this month via the Ethereum-based privacy protocol RAILGUN. ZachXBT, a blockchain expert, had mentioned this on Twitter on January 16.
According to CEO Changpeng Zhao, Binance also discovered the hackers’ attempts to launder cash through the Huobi crypto exchange and swiftly supported it in freezing and reclaiming the digital assets deposited by the hackers.
“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist,” the FBI stated, adding that “a portion of these funds were frozen, in coordination with some of the virtual asset service providers. The remaining bitcoin was then sent to the addresses listed below.”
The FBI’s cyber and virtual assets units, as well as the US Attorney’s Office and the US Justice Department’s crypto unit, have continued “to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programmes,” according to the statement.
The Lazarus organisation is a well-known cyber syndicate that has allegedly been involved in a number of important attacks in the crypto business, including the $600 million Ronin Bridge hack from March of last year.
Following the hack, the United States Treasury Department Office of Foreign Assets Control updated its Specially Designated Nationals and Blocked Persons (SDN) list to add the Lazarus Group in April 2022.
In reaction to the Ronin Bridge incident, the FBI and Cybersecurity and Infrastructure Security Agency issued a warning alert about North Korean state-sponsored cyber threats against blockchain companies the same month.