December 11, 2023

Elliptic: Lazarus hackers may be behind Horizon attack

Experts at Elliptic said that the attack on the Horizon cross-chain bridge may be linked to the North Korean hacker group Lazarus.

According to analysts, the hackers have already sent 41% of the stolen crypto assets to Tornado Cash for laundering. At the time the report was written, the attackers had transferred more than 35,000 ETH to the mixer.

Before that, the hackers moved the stolen assets to the decentralized exchange Uniswap and converted them into 85,837 ETH. Elliptic noted that this is a fairly common method of laundering stolen funds.

Analysts have identified several indications that North Korea's Lazarus was behind the hack.

They pointed out that the assets were transferred to Tornado Cash with regularity, suggesting the involvement of automated software. Experts observed a similar pattern in the laundering of funds stolen in the attack on the Ronin sidechain. The Lazarus hackers are presumed to be behind that attack as well.

The theft was carried out by compromising the private keys to a multi-sig wallet, likely through a social engineering attack on members of the Harmony team. The Lazarus Group has often used such methods, Elliptic noted.

In addition, the Lazarus Group frequently targets victims in the Asia-Pacific region, analysts say. Many members of Harmony's core team have connections to the region.

As a reminder, on June 24 the Harmony blockchain platform reported an attack on the Horizon cross-chain bridge, in which attackers stole assets worth about $100 million.

The Harmony team initially offered a $1 million reward for the return of stolen funds, later increasing it to $10 million.

The US authorities have issued a warning about the threat posed by North Korean hackers seeking to steal cryptocurrencies.

