The FBI has confirmed that the infamous Lazarus Group, a threat actor believed to have strong ties to the North Korean government, was one of two entities behind the recent Harmony bridge cyberattack (opens in new tab).
Harmony, which allows users to transfer cryptocurrency tokens between otherwise separate blockchains, was attacked in in June 2022. The then-unknown hackers managed to steal around $100 million by exploiting flaws in the protocol’s code, making off with a total of 85,867 Ether tokens, native to the Ethereum blockchain.
Now, the FBI says it has evidence that Lazarus Group, together with APT38, was behind the attack.
Funding for missile programs
“FBI Los Angeles and FBI Charlotte—in coordination with the FBI’s Cyber Division, the United States Attorney’s Office for the Central District of California, the United States Attorney’s Office for the District of Columbia, the National Cryptocurrency Enforcement Team, and the FBI’s Virtual Assets Unit—continue to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs,” the FBI’s announcement says.
The law enforcement agency also said the group was observed using RAILGUN on January 13, to launder the stolen funds. RAILGUN is a privacy protocol that the group used to launder more than $60 million worth of Ether. A part of these funds were later sent to “several virtual asset service providers” and converted to bitcoin. The FBI later reached out to some of these service providers and managed to freeze a portion of these funds, it said.
The rest were sent to a number of bitcoin addresses.
Lazarus was also behind an attack on the Ronin bridge that took place earlier in 2022, where the group stole $625 million in various cryptocurrencies.