On Monday, the Federal Bureau of Investigation (FBI) announced it had established that Lazarus Group was involved in last June’s Harmony Protocol attack that saw over $100 million disappear.
The attackers laundered stolen ETH worth about $65 million on January 14, six months after the exploit happened. That allowed the FBI to positively identify the Lazarus Group, alongside APT38, as the masterminds of the crime.
In trying to obscure transactions, the hackers used a privacy protocol called RAILGUN. Nonetheless, some exchanges froze and recovered a portion of the stolen funds when the cybercriminals tried to swap them for BTC.
Blockchain Analysts Connect Lazarus Group to Harmony Attack
Immediately after the Harmony attack, a group of blockchain analysts used a combination of on-chain analysis and similarities to previous attacks committed by Lazarus Group to conclude that the North Korean organization was involved in the exploit.
Despite being vocal about the dangers that the Lazarus Group posed, American law enforcement authorities did not officially accuse the group of involvement in the Harmony attack until yesterday.
How Attackers Executed Harmony Exploit
In its announcement, the FBI noted that the attackers targeted a cross-chain bridge that connects Harmony Protocol to Binance, Bitcoin, and Ethereum chains. The strategy is similar to the previous Lazarus Group attacks.
The FBI added that in the past five years, APT38 and Lazarus Group have made off with crypto worth over $1.3 billion. The agency has promised to step up its efforts in combating virtual currency theft.
Furthermore, North Korean hacker groups have allegedly taken their illegal activities beyond just hacks. Last December, a report by Kaspersky, a cybersecurity company, showed that BlueNoroff was posing as a potential employer.
US Government Goes for Coin Mixers in Response to Attacks
In responding to crypto-focused attacks, US government bodies have targeted coin mixers. A coin mixer allows users to obscure crypto transactions. In August 2022, the Treasury Department restricted Tornado Cash.
The agency insisted that the Ethereum coin mixer was used by Lazarus Group and other hackers to launder their stolen funds. The move wasn’t welcomed by the crypto community, and it is currently being challenged in court.