The Federal Bureau of Investigation (FBI) announced Monday evening that actors linked to North Korea were responsible for stealing $100 million from a California-based crypto firm last June. Lazarus Group and APT38, two hacking groups linked to North Korea’s capital, Pyongyang, were behind the Harmony Horizon Bridge hack in 2022, the FBI said.
The Harmony Horizon Bridge is a service that allows the trading of cryptocurrencies between the Harmony blockchain and other blockchains. In June, the attackers managed to get access to the bridge and walked out with ether (ETH), tether (USDT), and wrapped bitcoin (wBTC).
Six months after the hack, on January 13, cyber actors used a privacy protocol called Railgun to launder more than $60 million worth of ETH stolen in the heist.
The stolen portion of ETH was transferred to multiple digital asset providers and converted to bitcoin, the FBI stated. Some funds were frozen, and others were sent to 11 Ethereum addresses listed in the organization’s statement.
Blockchain sleuth ZachXBT revealed this on Twitter on January 16th.
1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges. pic.twitter.com/huDumaJeSh
— ZachXBT (@zachxbt) January 15, 2023
Meanwhile, Binance also discovered that hackers were trying to launder funds via the Huobi crypto exchange. Binance’s security team then contacted Huobi and helped it freeze and recover the crypto assets the hackers deposited.
Binance CEO Changpeng Zhao tweeted:
We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi #SAFU! 🙏
— CZ 🔶 Binance (@cz_binance) January 16, 2023
The FBI stated:
“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist.” “A portion of these funds were frozen, in coordination with some of the virtual asset service providers. The remaining bitcoin subsequently moved to the following addresses.”
Railgun is a smart contract system that provides zk-SNARK-based privacy, enabling users to participate anonymously in decentralized finance (DeFi). The system protects the user’s personal information and the digital assets associated with a transaction from anyone monitoring that transaction.
The statement said that the FBI and its investigative partners continue to detect and prevent the theft and laundering of cryptocurrencies used to back “North Korea’s ballistic missile and Weapons of Mass Destruction programs.”
Crypto Assists North Korea Financially
North Korea is allegedly using stolen cryptocurrencies to fund its illicit nuclear and missile programs. In February, the United Nations also reported that the hermit kingdom’s missile program (North Korea’s nuclear program) largely depends on revenue from cyber hacks.
In April last year, the FBI blamed hackers backed by the North Korean government for the roughly $625-million hack of the popular video game Axie Infinity.
South Korean intelligence stated in December that North Korean attackers had stolen approximately 1.5 trillion South Korean won ($1.2 billion) worth of digital currency over the previous five years. About 800 billion South Korean won ($650.5 million) of that was stolen in 2022 alone.
Further, Lazarus stole $400 million worth of cryptocurrency in 2021, blockchain analytics firm Chainalysis said.
According to an AP News report, North Korean-linked actor groups, including APT38 and Lazarus Group, have stolen approximately $1.2 billion worth of crypto assets since 2017.
The FBI announced:
“The FBI will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime.”