An analysis by blockchain researchers has claimed that there is a high probability that North Korean state-sponsored hackers are behind the theft of $100 million in cryptocurrencies, via a loophole in what is known as a blockchain bridge.
Hackers targeted a blockchain bridge developed by the US crypto startup Horizon. The tool is used by crypto traders to exchange tokens between different networks.
Analytics firm Elliptic said in a blog post on Wednesday that there were “strong indications” that the Lazarus Group, a mass hacking group with strong ties to Pyongyang, orchestrated the attack.
Elliptic added that most of the funds were immediately transferred to the cryptocurrency Ether. The company alleged that the hackers began laundering the stolen assets through “Tornado Cash”, a so-called “shuffling” service that seeks to hide the trail of the funds. So far, about $39 million in Ether has been sent to Tornado Cash.
Elliptic said it used so-called “demixing” tools to track stolen cryptocurrencies sent via Tornado Cash to several new Ether wallets. Chainalysis, another blockchain security company working with Harmony to investigate the breach, backed up the findings, according to CNBC and Al Arabiya.net.
According to the companies, the manner in which the attack was carried out and the subsequent money laundering bear a number of similarities to previous crypto thefts believed to be the work of the same group, known as Lazarus.
Harmony said it was “working on various options” to compensate users during the theft investigation, but stressed that “additional time is needed”. The company also offered a reward of $1 million for the return of the stolen cryptocurrency and information on the hack.
North Korea has long been accused of carrying out cyber attacks and exploiting cryptocurrency to circumvent Western sanctions. Earlier this year, the US Treasury attributed a $600 million theft on the Ronin network, the so-called “side chain” of the popular crypto game Axie Infinity, to Lazarus.
North Korea has denied involvement in state-sponsored cyber attacks in the past, including a 2014 data breach targeting Sony Pictures.