The FBI has accused two groups of North Korean government hackers of carrying out last year’s theft of $100 million in cryptocurrency from a company that allows users to transfer cryptocurrencies from one blockchain to another.
On Monday, the FBI announced that the Lazarus Group and APT38 — two groups linked to the North Korean government by both cybersecurity firms and government agencies — were responsible for the hack against Horizon Bridge, which was created by the U.S. company Harmony, in June 2022.
Citing cybersecurity experts, Reuters reported last year that North Korea was likely the culprit behind the hack, which exploited a vulnerability in the bridge to steal various cryptocurrency assets including Ethereum, Binance Coin, Tether, USD Coin and Dai.
The FBI said that on January 13, North Korean hackers used RAILGUN, a cryptographic “privacy protocol,” to launder $60 million in Ethereum stolen from Harmony.
“A portion of this stolen ethereum was then sent to several virtual asset service providers and converted into bitcoin (BTC),” the FBI said in its statement. “A portion of these funds were committed, in coordination with some of the virtual asset service providers.”
The FBI also released the addresses of 11 cryptocurrency wallets to which the remaining $40 million in stolen bitcoin was transferred.
North Korea has a long history of targeting cryptocurrency companies to raise money for the regime, which sees crypto as a way to avoid international sanctions and fund its nuclear weapons program. Last year, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the US Treasury Department released an advisory detailing North Korea’s activities targeting crypto companies.
According to South Korea’s National Intelligence Service, North Korea has stolen roughly $1.2 billion worth of cryptocurrency over the past five years, including $626 million in 2022 alone.
Harmony’s Horizon is a so-called blockchain bridge (also known as a cross-chain bridge), a tool that allows users to transfer digital assets from one blockchain to another, making blockchains created by different companies interoperable. Several of these bridges had serious vulnerabilities, making them a favorite target for hackers.
“Blockchain bridges have become the low-hanging fruit for cybercriminals, with billions of dollars worth of crypto assets locked inside them,” Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic, told CNBC last year. “These bridges have been compromised by hackers in a variety of ways, suggesting that their level of security is not keeping pace with the value of the assets they hold.”
Chainalysis, another blockchain analytics company, estimated that around $1.4 billion was stolen from blockchain bridges last year.