Digital Raid: North Korea Blamed for $100 Million Crypto Hack
Analysis from Elliptic Connect shows a clear connection to the Lazarus Group, a prominent North Korean hacking organization.
Last month, hackers stole $100 million worth of cryptocurrency from the blockchain brokerage known as Horizon.
“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” Harmony, which owns Horizon, said in a June 23 tweet.
Now, a new analysis from Elliptic Connect is placing the likely blame for the hack on North Korean hackers.
In a blog post, the company noted that 41 percent of the $100 million in stolen assets has been placed in the Tornado Cash mixer. In its analysis, Elliptic found that “there are strong indications that North Korea’s Lazarus Group may be responsible for this theft.”
“However, Elliptic has successfully used its Tornado demixing techniques to trace the stolen funds through Tornado Cash to a number of new Ethereum wallets. This means that exchanges and other crypto businesses can use Elliptic’s transaction screening software to detect any incoming funds that originate from the Horizon Bridge Hack, despite the use of the Tornado Cash mixer,” the blog post said.
“Our analysis of the hack and the subsequent laundering of the stolen crypto assets also indicates that it is consistent with activities of the Lazarus Group – a cybercrime group with strong links to North Korea. Although no single factor proves the involvement of Lazarus, in combination they suggest the group’s involvement.”
These factors include the Lazarus Group’s record of similarly large crypto thefts, the use of some of the same tactics seen in past thefts, and the observation that “relatively short periods during which the stolen funds stop being moved out of Tornado cash are consistent with APAC nighttime hours.”
A report last month by coincub.com found that North Korea “leads the world in crypto crime.”
“When it comes to crypto crime, some countries are more prolific than others. North Korea is by far the top-ranked country for crypto crime. Skilled hackers in the Hermit Kingdom have raised funds for the country’s weapons programs through a relentless series of profitable cyberattacks. Attacks from the DPRK’s cyber army have targeted governments and private organizations across the world,” the report said.
Per CNBC, “the U.S. Treasury Department attributed a $600 million heist on Ronin Network, a so-called ‘sidechain’ for popular crypto game Axie Infinity, to Lazarus.” And in early 2021, the Justice Department indicted three North Korean military hackers for their alleged participation in a series of hacks, including the Sony Pictures breach in 2014.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Assistant Attorney General John C. Demers of the Justice Department’s National Security Division said at the time. “The Department will continue to confront malicious nation state cyber activity with our unique tools and work with our fellow agencies and the family of norms abiding nations to do the same.”
North Korea, however, has long denied that it engages in cybercrime.
Stephen Silver, a technology writer for The National Interest, is a journalist, essayist and film critic, who is also a contributor to The Philadelphia Inquirer, Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons. Follow him on Twitter at @StephenSilver.