Elliptic: Lazarus hackers may be behind Horizon attack

Experts at Elliptic said that the Horizon cross-chain bridge attack may have been carried out by Lazarus, a North Korea–linked hacker group.

There are strong indications that North Korea’s Lazarus Group may be responsible for the $100 million Harmony heist | 41% of the stolen cryptoassets have been moved through the Tornado Cash mixer | Read our analysis:https://t.co/CoS2Ozu0WG

— elliptic (@elliptic) June 29, 2022

According to the analysts, the hackers have already sent 41% of the stolen crypto assets to Tornado Cash to launder the funds. At the time of preparing the report, the attackers had transferred more than 35 000 ETH to the mixer.

Earlier, the hackers moved the stolen assets to the decentralised exchange Uniswap and converted them into 85 837 ETH. Elliptic noted that this is a fairly common method of laundering stolen funds.

Analysts highlighted several reasons indicating that Lazarus was behind the hack.

They noted that the assets were transferred to Tornado Cash with a regularity that suggests the involvement of some automated software. A similar system was observed by specialists during the laundering of funds stolen in the Ronin side-chain attack. Presumably the Lazarus hackers are behind it as well.

The theft was carried out by compromising the private keys to a multisig wallet, — probably via a social engineering attack on Harmony team members. Such methods were often used by the Lazarus Group, Elliptic noted.

Moreover, the Lazarus Group is often targeted at victims in the Asia–Pacific region, analysts say. Many members of Harmony’s core team have ties to the region.

Earlier on June 24, the Harmony blockchain platform announced the Horizon cross-chain bridge attack, in which attackers stole assets worth about $100 million.

Initially, the Harmony team offered a reward of $1 million for the return of the stolen funds, later increased it to $10 million.

U.S. authorities issued a warning about threats from North Korean hackers aimed at stealing cryptocurrency.

Follow ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analytics.