Heimdal

The Federal Bureau of Investigation (FBI) has confirmed that the cyberattacks on Harmony Horizon, which resulted in the theft of $100 million worth of Ethereum, were coordinated by the North Korean state-sponsored hacking group Lazarus.

The North Korean APT has moved $63.5 million from the Harmony Horizon hack it was responsible for last year.

The FBI Los Angeles and FBI Charlotte, in collaboration with other law enforcement bodies, are working diligently to uncover and prevent North Korea’s illegal activities involving virtual currency. The ballistic missile program and weapons of mass destruction are believed to have been funded with the stolen currency.

The FBI continues to combat malicious cyber activity, including the threat posed by the Democratic People’s Republic of Korea (DPRK) to the U.S. and our private sector partners.

Source

About Lazarus

The North Korean hacking group is already notorious in the world of threat actors. Active since 2009, Lazarus has been linked to ransomware campaigns, cryptocurrency scams, cyberespionage, and others.

In June 2022, the cross-chain bridge Harmony Horizon for Ethereum fell victim to a security breach. The hackers were able to gain control of a MultiSigWallet contract, and subsequently transferred large amounts of tokens to their own addresses.

In December 2022, Lazarus was revealed to have spread malware using a fake cryptocurrency app called BloxHolder. Two other notorious campaigns last year were the fake Crypto.com job offers, and the FudModule Rootkit campaign.

What Happened to the Stolen Funds?

The threat actors were discovered to have used a privacy protocol called RAILGUN on the 13th of January 2023 to cleanse over $60 million worth of Ethereum (ETH) stolen in June 2022. A portion of this stolen Ethereum has been converted into Bitcoin.

Several providers of virtual asset services froze a portion of these funds, as well as all accounts involved in the laundering activities. As the FBI advisory mentions, the remainder of the stolen funds has been moved to subsequent Bitcoin addresses, which the advisory lists.

Further, according to CSN, the two major cryptocurrency exchanges Binance and Huobi managed to intercept $2.5 million worth of BTC (124 BTC) that was stolen from Harmony Horizon.


Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.
