Harmony’s Horizon Bridge facilitates transfer between Harmony and the Ethereum network, BINANCE Chain and Bitcoin. The Lazarus hacking group exploited a system weakness on the multichain network, thus siphoning about $100 million.
As Bitcoin price neared $24k during the past weekend, North Korean hackers were busy moving part of Harmony’s Horizon bridge funds. While some funds were immediately frozen by some crypto exchanges, CEO Changpeng Zhao () said some exchanges are not cooperative in combating crime, thus facilitating the liquidation of . According to on-chain data from blockchain expert ZachXBT, the Lazarus Group, also known as APT38, moved about 17278 ETH worth approximately $27.18 million to six different exchanges during the weekend.
Reportedly, the APT38 managed to liquidate some of the $27 million Ethers to Bitcoin and successfully managed to withdraw from exchanges.
“Lazarus Group laundered an additional 17,278 ETH through 6 different exchanges on January 28, 2023. The funds were sold for BTC and withdrawn,” ZachXBT
The Lazurus group has been moving laundered funds to several addresses to conceal their real identity over several layers.
Update: Found another main address of 5974 ETH bringing the total laundered by DPRK in past few hours to $27.18m (17278 ETH)
0xdaec47db1bb192429213ecd2e872c7c7c24051d5 pic.twitter.com/4ksbXeAnpK
— ZachXBT (@zachxbt) January 29, 2023
However, Binance and are part of the crypto exchanges that have alerted, through froze, Harmony’s Horizon Bridge stolen assets. Thereby showing the necessary interdependence between centralized exchanges and DeFi platforms.
We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi
— CZ ?? Binance (@cz_binance) January 16, 2023
Closer Look at Harmony’s Horizon Bridge Attack
Harmony’s Horizon Bridge facilitates transfer between Harmony and the Ethereum network, Binance Chain and Bitcoin. The Lazarus hacking group exploited a system weakness on the multichain network, thus siphoning about $100 million.
According to a recent update by the United States Federal Bureau of Investigation (FBI), the Lazarus hacking group is solely responsible for the $100 million stolen from Harmony’s Horizon Bridge on June 24, 2022. Reportedly, the Lazarus group supports the North Korean government in its ballistic missile and Weapons of Mass Destruction programs with the stolen funds.
While most of the stolen funds have already been laundered, the stolen assets have been marked high risk on the blockchain to avoid providing liquidity in the future. Moreover, some of the funds have been frozen by several cryptocurrency exchanges in several attempts to liquidate.
“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist. A portion of this stolen Ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC),” the FBI
Notably, the North Korean hackers used the Tornado Cash crypto mixer to conceal their digital identity. As such, the United States treasury sanctioned Tornado Cash for facilitating North Korean hacking groups. According to Harmony One’s update, about 64k wallets were affected by the $100 million attack.
Cybersecurity News
