Cryptocurrency experts now suspect that North Korea was behind last week’s $100 million heist at blockchain provider Harmony.
“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft,” says blockchain analytics firm Elliptic.
The hacker behind the heist has already been spotted laundering the stolen assets through a cryptocurrency-mixing service dubbed Tornado Cash in an effort to prevent authorities from tracking the ill-gotten gains.
The same activity is raising eyebrows because the culprit behind a separate $622 million theft at the Ronin Network blockchain in March also laundered the funds through Tornado Cash. The FBI later linked the incident to Lazarus, an infamous North Korean hacking group with an appetite for stealing cryptocurrencies.
The evidence that Lazarus is behind the Harmony hack is still circumstantial. However, Elliptic says the way the money is being laundered matches how Lazarus has previously operated.
“The regularity of the deposits into Tornado over extended periods of time suggests that an automated process is being used,” the company says. “We have observed very similar programmatic laundering of funds stolen from the Ronin Bridge, which has been attributed to Lazarus, as well as a number of other attacks linked to the group.”
The heist apparently happened through the compromise of multiple machines that stored the private keys for the cryptocurrency assets at Harmony. This suggests the hacker used social engineering attacks, such as phishing messages or malicious apps, to dupe several Harmony employees and gain access to their computers. The tactic matches known techniques North Korean hackers have used
Read more on pcmag.com