North Korea Behind $100M Harmony Theft, Say Researchers
Hack and Money Laundering Similar to Ronin Bridge Linked to PyongyangHackers tied to cryptocurrency-hungry North Korea are likely responsible for last week's $100 million heist at Harmony, blockchain experts say.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
The secretive, hereditary communist monarchy fuels its nuclear weapons program with stolen cryptocurrency used to dodge international sanctions that prevent ready access to cash.
Researchers at blockchain analytics firm Elliptic say they’re following the stolen cryptocurrency from Harmony's hacked cross-chain Horizon bridge even as it goes through tumblers meant to obscure subsequent transactions (see: Horizon Offers $1M Bounty to Hackers Who Stole $100M).
Telltale signs from the hack and subsequent laundering are consistent with activities undertaken by the Pyongyang-sponsored Lazarus Group.
There's no smoking gun, but Elliptic says that the Lazarus Group is already implicated in several large cryptocurrency thefts and has recently turned its attention to decentralized financial instruments, including bridges that allow the transfers of cryptocurrencies across networks. North Korea is heavily suspected to be behind the more than $600 million Ronin bridge hack in March.
Other data points indicating North Korea include a similar programmatic laundering of funds as also seen in the Ronin hack and a cessation of activity consistent with nighttime in the Asia-Pacific region.
For its part, Harmony has upped an initial offer of $1 million and a promise not to seek criminal charges for the "no questions asked" return of the stolen currency to an offer of $10 million.
So far, Elliptic says that whoever was behind the Harmony Horizon hack has moved 41% of the stolen funds through the Tornado Cash tumbler.