The equivalent of $100 million was stolen last week from the Harmony blockchain. The first elements of the investigation point to the Lazarus group.
Kim Jong-un’s henchmen are not idle. The North Korean hackers of the Lazarus group are said to be the masterminds of the latest major cryptocurrency theft. On June 24, the Harmony blockchain was stripped of around $100 million, split across a series of assets. It is still too early to know exactly how this hack was achieved. The hackers reportedly managed to obtain private keys for an inter-blockchain gateway that allows users to transact between Harmony, Ethereum, and Binance Smart Chain.
The first elements of the investigation point the finger at Lazarus, a hacker group led by Pyongyang and specialized in the virtual robbery of banks and crypto-asset platforms. Last April, this fine team was accused by the FBI of having robbed the Ronin Network blockchain of the equivalent of 500 million dollars. Again, the point of attack was an inter-blockchain gateway.
Harmony commissioned Elliptic Enterprises to conduct the forensic investigation of the attack. According to its analysis, the hackers immediately converted almost all of the stolen cryptoassets into ether. From June 27, they started laundering the loot in an automated way, using Tornado Cash, a cryptocurrency “mixer” that blurs the origin of a transaction. But Elliptic apparently has a technology that unravels these transactions and makes it possible to identify the destination wallets of the loot. “There are strong indications that the North Korean group Lazarus could be responsible for this theft,” Elliptic deduces from these analyses.
Elliptic’s sleuths have no direct evidence of Lazarus’ involvement. Their attribution is based on a set of clues. The modus operandi used fits particularly well with that of the North Korean group. In the past, it has specialized in hacking blockchain gateways and carried out several thefts of private keys. It is also a master of automated laundering on Tornado Cash. Finally, some members of Harmony’s development team have ties to Asia Pacific countries, which makes phishing attacks easier.
With the crisis, the booty melts like snow in the sun
It is estimated that the Lazarus group has stolen, in total, the equivalent of $2 billion in cryptoassets. Given the crisis that is currently shaking the world of cryptocurrencies, this jackpot risks being greatly devalued, if it has not already been converted into fiat currency. Chainalysis analysts have thus detected North Korean wallets from various thefts carried out between 2017 and 2021. Since the beginning of the year, their value has gone from 170 to 65 million dollars. Other wallets monitored by TRM Labs analysts are said to have seen their valuation melt by more than 80%. Always a winner.