Blockchain analytics company Elliptic has raised suspicions that North Korea’s Lazarus Group may be responsible for the recent $100 million theft from cryptocurrency firm Harmony. In a recent advisory, Elliptic confirmed Harmony’s initial claims that the funds were stolen through Horizon Bridge, a platform that facilitates the transfer of cryptocurrency across blockchains.
The stolen crypto-assets included Ether (ETH), Tether (USDT), Wrapped Bitcoin (WBTC), and BNB, according to Elliptic’s report. The thief quickly converted a significant portion of these assets into 85,837 ETH using Uniswap, a decentralized exchange (DEX). Swapping stolen tokens through a DEX in this way is a common laundering technique used to evade detection.
Elliptic tracked the ETH to Tornado Cash, a tool frequently used to launder proceeds of crime. Over $39 million of the stolen funds has been sent to Tornado Cash so far, with the laundering process ongoing. Despite the thief's attempts to obfuscate the transaction trail, Elliptic used Tornado demixing techniques to trace the stolen funds to new Ethereum wallets.
The security researchers at Elliptic noted that the hack and subsequent laundering activities align with the tactics typically employed by the Lazarus Group, a cybercrime group with ties to North Korea. While a definitive link to Lazarus Group cannot be established, various indicators suggest their involvement in the Harmony hack.
Similarities between the Harmony attack and the $540 million hack of Ronin Bridge, which was ultimately linked to North Korea, raise suspicions. Other clues pointing to Lazarus Group’s involvement include the compromise of cryptographic keys of a multi-signature wallet, the targeting of APAC-based entities (despite Harmony being US-based), and the utilization of automated processes to transfer funds to Tornado.
Elliptic has committed to monitoring the movement of the stolen funds as the laundering process unfolds and updating their tools accordingly. The company remains vigilant in tracking the assets and will provide updates on any significant developments in the investigation.
This detailed analysis by Elliptic sheds light on the sophisticated tactics employed by cybercriminals and underscores the importance of robust security measures in the cryptocurrency space. Stay tuned for further updates on this evolving story.