FBI accuses North Korean government hackers of stealing $100M in Harmony bridge theft

The FBI accused two groups of North Korean government hackers of carrying out last year’s heist of $100 million in crypto stolen from a company that allows users to transfer cryptocurrency from one blockchain to another.

On Monday, the FBI announced that the Lazarus Group and APT38 — two groups linked to the North Korean government by both cybersecurity companies and government agencies — were responsible for the hack against the Horizon bridge, created by the U.S. company Harmony, in June 2022.

Citing cybersecurity experts, Reuters reported last year that North Korea was likely the culprit of the hack, which exploited a vulnerability in the bridge to steal various cryptocurrency assets, such as Ethereum, Binance Coin, Tether, USD Coin, and Dai.

The FBI said that on January 13, the North Korean hackers used RAILGUN, a crypto “privacy protocol,” to launder $60 million in Ethereum stolen from Harmony.

“A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC),” the FBI said in its announcement. “A portion of these funds were frozen, in coordination with some of the virtual asset service providers.”

The FBI also published 11 cryptocurrency wallets where the remaining $40 million in stolen bitcoin were moved to.

North Korea has a long history of targeting cryptocurrency companies to raise money for the regime, which sees crypto as a way to evade international sanctions and to fund its nuclear weapons program. Last year, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department published an advisory detailing North Korea’s activities targeting crypto companies.

According to South Korea’s National Intelligence Service, North Korea has stolen around $1.2 billion worth of crypto in the last five years, including $626 million in 2022 alone.

Harmony’s Horizon is a so-called blockchain bridge — also known as cross-chain bridges, a tool that allows users to transfer digital assets from one blockchain to another, allowing different blockchains created by different companies to be interoperable. Several of these bridges have had serious vulnerabilities, making them a favorite target for hackers.

“Blockchain bridges have become the low-hanging fruit for cyber-criminals, with billions of dollars worth of crypto assets locked within them,” Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic, told CNBC last year. “These bridges have been breached by hackers in a variety of ways, suggesting that their level of security has not kept pace with the value of assets that they hold.”

Chainalysis, another blockchain analytics firm, estimated that around $1.4 billion were stolen from blockchain bridges last year.