North Korea Likely Behind $100M Horizon Cryptocurrency Hack: Experts


According to an analysis by blockchain researchers, North Korean state-sponsored hackers were likely the perpetrators of the hack that led to the theft of around $100 million in cryptocurrencies.

Hackers have targeted Horizon, a so-called blockchain bridge developed by American crypto startup Horizon. The tool is used by crypto traders to exchange tokens between different networks.

There are “strong indications” that the Lazarus Group, a hacker collective with close ties to Pyongyang, orchestrated the attack, analytics firm Elliptic said in a blog post Wednesday.

According to Elliptic, most of the funds were immediately converted into the cryptocurrency ether. The firm added that the hackers have begun laundering the stolen assets through Tornado Cash, a so-called “mixing” service that seeks to hide the trail of funds. So far, about $39 million worth of ether has been sent to Tornado Cash.

Elliptic says it used “splitting” tools to trace the stolen cryptocurrency sent via Tornado Cash to several new Ethereum wallets. Chainalysis, another blockchain security firm that is working with Harmony to investigate the hack, confirmed the findings.

According to the companies, the way the attack was carried out and the subsequent laundering of funds share a number of similarities with previous cryptocurrency thefts believed to have been committed by Lazarus, including:

  • Targeting of a “cross-chain” bridge. Lazarus has also been accused of hacking another such service, called Ronin.
  • Compromise of passwords to a “multi-sig” wallet, which requires only a couple of signatures to initiate transactions.
  • “Programmatic” fund transfers made step by step every few minutes.
  • Movement of funds stopping at night in the Asia-Pacific region.

Harmony said it is “working on various options” to reimburse users as the theft is investigated, but stressed that “additional time is required.” The company also offered a $1 million reward for the return of stolen cryptocurrencies and information about the hack.

North Korea is often accused of conducting cyberattacks and using cryptocurrencies to circumvent Western sanctions. Earlier this year, the U.S. Treasury Department attributed the theft of $600 million from the Ronin Network, a so-called “sidechain” for the popular crypto game Axie Infinity, to Lazarus.

North Korea has denied any involvement in past state-sponsored cyberattacks, including a 2014 data breach targeting Sony Pictures.