In mid-2022, crypto project Harmony Horizon’s currency exchange was eased by over $100 million. Now the booty has been washed.
June 2022: Thieves stole over $100 million in crypto coins from the Harmony Horizon Bridge. horizon creates a bridge between the Harmony blockchain and certain other blockchains and allows the corresponding cryptocurrencies to be exchanged.
January 13, 2023: Someone is trying to launder much of the loot: more than $60 million worth of Ethereum is funneled through the Railgun protocol, then traded into Bitcoin on various crypto exchanges.
The FBI follows the events and claims to be able to capture part of the loot. But not all crypto exchanges are cooperative. The FBI has released 11 wallet addresses that are said to have received the rest of the laundered loot.
FBI: It was the Lazarus Group
In addition, the FBI now believes it knows the perpetrators: it is the Lazarus Group, which works on behalf of the North Korean dictator and is also known by other names, including APT38.
Using a scam known as TraderTraitor, Lazarus Group has targeted numerous crypto industry companies, as well as individuals who hold large amounts of crypto coins, or NFT (non-fungible tokens). TraderTraitor starts with a spate of spearphishing messages via email, but also other means of communication. Often, lucrative job offers are faked in order to entice the target person to download a cryptocurrency application.
This software is intended to help, for example, to form a “portfolio for AI trading” or, in exceptional wisdom, to predict exchange rates for cryptocurrencies. After successful installation, these programs download malware. Then the Lazarus Group can gut their target. According to the FBI, the Lazarus Group also used this method for the Harmony Horizon Bridge. Harmony has offered a $10 million reward for information leading to the return of the stolen crypto assets.
Important revenue for North Korea’s military
North Korea has been stealing from banks and crypto speculators for years. According to a leaked report to the United Nations Security Council in the summer of 2019, North Korea has by then stolen more than $2 billion in cyber raids, which it is using for its military build-up including nuclear weapons development.
Since then, significantly more loot should have been added. And according to security services provider Proofpoint, North Korea significantly increased its phishing campaigns in late 2022.
TechAint 