North Korean Hackers Pull Off $100 Million Cryptocurrency Theft
The FBI announced on Monday it has determined that a hacking group associated with the communist North Korean regime pulled off a $100 million cryptocurrency heist last year.
The cyberattack was carried out by a criminal organization known as the Lazarus Group that also calls itself APT28. The crooks hit the Horizon Bridge system owned and operated by cryptocurrency firm Harmony on June 24, 2022. The stolen funds were in the form of cryptocurrency.
APT28 is known to be connected to the hermit totalitarian North Korean government.
The FBI said in its press release that it determined that North Korean hackers laundered more than $60 million worth of Ethereum tokens on January 13 that had been stolen in last year’s robbery. The hackers used the privacy tool RAILGUN to scrub the Ethereum.
Agents were able to trace the laundered money as it was electronically delivered to an array of recipients and converted into Bitcoin tokens. In addition, the FBI acted in cooperation with some of the private providers in order to freeze some of the laundered proceeds.
The FBI also said it is continuing to work with private groups to find and interrupt the North Korean theft and laundering pipeline. The statement said analysts believe the regime is using the stolen proceeds to fund its ballistic missile and weapons of mass destruction projects.
Federal investigators previously published an advisory with the Treasury Department and the Cybersecurity and Infrastructure Security Agency discussing North Korean attacks on Harmony. The malware-based attack was dubbed “TraderTraitor.”
Initial reports last June indicated North Korean hackers were likely responsible for the Horizon Bridge attack. In a contemporaneous account, the crypto analysis group Elliptic said it believed the Lazarus Group had conducted the hacking operation and theft.
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology on the National Security Council, said last year after the theft that she was “concerned about North Korea’s cyber capabilities.” She said her office estimated that as much of North Korea’s missile program was being funded through stolen cryptocurrency.
After the Harmony theft, another cryptocurrency firm named Nomad was attacked in a series of hacks that robbed the company of around $190 million worth of cryptocurrency.
The Treasury Department placed sanctions on a cryptocurrency wallet managed by the Lazarus Group last year. Analysts said the proceeds frozen in that wallet were associated with another cryptocurrency hacking theft that netted more than $600 million.