Lazarus responsible for the Horizon Bridge hack

According to blockchain analysis firm Elliptic, the North Korean hacking group Lazarus is responsible for the recent Horizon Bridge hack.

The hack caused approximately $1 million in damage. In response, the in-house token ONE crashed. Harmony Project, the developer of the Horizon Bridge, switched the bridge off as a precaution after the Lazarus hack to prevent further damage.

Attacker moves loot to Tornado Cash

According to Elliptic, the hitherto unknown attacker, now identified as Lazarus, began moving the loot into the crypto mixer Tornado Cash on 27 June. This gave Elliptic a starting point, because the firm appears to have mastered some “unmixing techniques”. These allow it to trace, at least partially, where the money went after being shuffled in Tornado Cash. At the time of Elliptic’s report, approximately 41% of the stolen cryptocurrency had already been mixed through Tornado Cash.

According to Elliptic, behavior and money laundering style match Lazarus

For Elliptic, the matter is clear: Lazarus must be behind the hack. The handling of the loot fits the pattern. Lazarus is also said to be responsible for the Ronin Bridge hack, which brought in 540 million US dollars. In total, crypto thefts of over two billion US dollars are attributed to the group so far. As with other victims, Lazarus used the same type of attack in this case: the cryptographic keys of a multi-signature wallet were compromised, probably through social engineering of a Harmony employee.

The choice of target also fits the North Korean hackers Lazarus, referred to as the “Shadow Army” of Kim Jong Un, because their targets are mostly from, or have ties to, Asia Pacific, like many of Harmony’s core team. The regularity with which the attackers send transactions to Tornado Cash from the wallet in question indicates that the process is automated.

Elliptic observed very similar behavior in the Ronin Bridge hack and in other attacks by Lazarus. Finally, the hours during which the transactions run also point to an attacker from Asia Pacific, as the attackers stop at around the time it gets dark there.
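
The two timing signals described above (a regular deposit cadence and a consistent daily stop time) can be measured from transaction timestamps. The following is an added example, not Elliptic's method or code from the article: the timestamps are constructed, and the UTC+9 offset and all function names are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from statistics import mean, median, pstdev

def split_sessions(times, break_factor=10):
    """Split timestamps into sessions at gaps much longer than the median gap."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    cutoff = median(gaps) * break_factor
    sessions, current = [], [times[0]]
    for t, gap in zip(times[1:], gaps):
        if gap > cutoff:          # long pause: close the running session
            sessions.append(current)
            current = []
        current.append(t)
    sessions.append(current)
    return sessions

def gap_variation(sessions):
    """Coefficient of variation of in-session gaps; near 0 means a fixed cadence."""
    gaps = [(b - a).total_seconds() for s in sessions for a, b in zip(s, s[1:])]
    return pstdev(gaps) / mean(gaps)

def local_stop_hours(sessions, utc_offset_hours):
    """Local hour of each session's last deposit for a candidate UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return [s[-1].astimezone(tz).hour for s in sessions]

def constructed_deposits():
    """Constructed sample: 3 days of deposits every ~6 minutes, 00:00-11:00 UTC."""
    out = []
    for day in range(3):
        start = datetime(2022, 6, 27 + day, tzinfo=timezone.utc)
        for i in range(110):
            jitter = (i * 7 + day * 3) % 11 - 5   # deterministic +/-5 s jitter
            out.append(start + timedelta(seconds=360 * i + jitter))
    return out

if __name__ == "__main__":
    sessions = split_sessions(constructed_deposits())
    print("sessions:", len(sessions))
    print("gap variation:", round(gap_variation(sessions), 4))
    # Assumed candidate offset UTC+9; a real analysis would compare several offsets.
    print("local stop hours (UTC+9):", local_stop_hours(sessions, 9))
```

A low gap variation supports the automation reading, and stop hours that cluster in the evening for one offset but not for others support the time-zone reading; neither is conclusive on its own.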

