The Federal Bureau of Investigation (FBI) has confirmed that the cyberattacks on Harmony Horizon, which resulted in the theft of $100 million worth of Ethereum, were coordinated by the North Korean state-sponsored hacking group Lazarus.

The North Korean APT has moved $63.5 million from the Harmony Horizon hack it was responsible for last year.

The FBI Los Angeles and FBI Charlotte, in collaboration with other law enforcement bodies, are working diligently to uncover and prevent North Korea’s illegal activities involving virtual currency. The ballistic missile program and weapons of mass destruction are believed to have been funded with the stolen currency.

The FBI continues to combat malicious cyber activity, including the threat posed by the Democratic People’s Republic of Korea (DPRK) to the U.S. and our private sector partners.


About Lazarus

The North Korean hacking group is already notorious in the world of threat actors. Active since 2009, Lazarus has been linked to ransomware campaigns, cryptocurrency scams, cyberespionage, and others.

In June 2022, the cross-chain bridge Harmony Horizon for Ethereum fell victim to a security breach. The hackers were able to gain control of a MultiSigWallet contract, and subsequently transferred large amounts of tokens to their own addresses.

In December 2022, Lazarus was revealed to have spread malware using a fake cryptocurrency app called BloxHolder. Two other notorious campaigns last year were the fake job offers and the FudModule Rootkit campaign.

What Happened to the Stolen Funds?

The threat actors were discovered to have used a privacy protocol called RAILGUN on the 13th of January 2023 to cleanse over $60 million worth of Ethereum (ETH) stolen in June 2022. A portion of this stolen Ethereum has been converted into Bitcoin.

Several providers of virtual asset services froze a portion of these funds, as well as all accounts involved in the laundering activities. As the FBI advisory mentions, the remainder of the stolen funds has been moved to a set of addresses listed in the advisory.

Further, according to CSN, the two major cryptocurrency exchanges Binance and Huobi managed to intercept $2.5 million worth of BTC (124 BTC) that was stolen from Harmony Horizon.
