FBI confirms North Korean Lazarus Group was behind major Harmony crypto heist

ethereum on a chipset
(Image credit: Pexels)

The FBI has confirmed that the infamous Lazarus Group, a threat actor believed to have strong ties to the North Korean government, was one of two entities behind the recent Harmony bridge cyberattack.

Harmony, which allows users to transfer cryptocurrency tokens between otherwise separate blockchains, was attacked in in June 2022. The then-unknown hackers managed to steal around $100 million by exploiting flaws in the protocol’s code, making off with a total of 85,867 Ether tokens, native to the Ethereum blockchain.

Now, the FBI says it has evidence that Lazarus Group, together with APT38, was behind the attack.

TechRadar Pro needs you! We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Funding for missile programs

“FBI Los Angeles and FBI Charlotte—in coordination with the FBI's Cyber Division, the United States Attorney’s Office for the Central District of California, the United States Attorney’s Office for the District of Columbia, the National Cryptocurrency Enforcement Team, and the FBI's Virtual Assets Unit—continue to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs,” the FBI's announcement says.

The law enforcement agency also said the group was observed using RAILGUN on January 13, to launder the stolen funds. RAILGUN is a privacy protocol that the group used to launder more than $60 million worth of Ether. A part of these funds were later sent to “several virtual asset service providers” and converted to bitcoin. The FBI later reached out to some of these service providers and managed to freeze a portion of these funds, it said. 

The rest were sent to a number of bitcoin addresses. 

Lazarus was also behind an attack on the Ronin bridge that took place earlier in 2022, where the group stole $625 million in various cryptocurrencies.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.