FBI Announces North Korea-Associated Hackers Responsible For $100 Million Virtual Robbery

On Monday, the Federal Bureau of Investigation (FBI) announced that a North Korea-associated hacking group had carried out a robbery of $100 million in cryptocurrency last year.

Harmony’s Horizon Bridge operates cryptocurrency movements between Harmony and other systems. On June 24, 2022, Harmony’s bridge was hacked and $100 million of virtual funds were taken.

The FBI stated that hackers called the Lazarus Group, also identifiable as APT28, which are connected with North Korea, stole the cryptocurrency.

In a press release, the FBI explained that earlier this month, on Friday, January 13, North Korean hackers utilized RAILGUN, which is a privacy tool, in order to launder ethereum taken last year. The amount laundered came to a worth of more than $60 million.

Some of the money was then delivered to multiple providers and changed into bitcoin, after which some of it was frozen through an effort with the providers. 

The FBI noted that some of its offices, working with other groups, are still finding and interrupting North Korea’s acts of stealing and money laundering of cryptocurrency. It said the criminal actions are utilized in order to prop up North Korea’s Weapons of Mass Destruction and ballistic missile projects.

The FBI added that in the past it published a Cybersecurity Advisory with the Cybersecurtiy and Infrastructure Security Agency, as well as the U.S. Treasury Department. The advisory discussed “TraderTraitor,” a malware effort that was used by North Korea to attack Harmony. 

In June, Reuters reported that hackers from North Korea were probably responsible for the major hack, according to three digital investigative groups. Elliptic, a crypto analysis group, speculated in a report at the time of the cyber attack that Lazarus was responsible. 

“The thief is attempting to break the transaction trail back to the original theft,” the report said. “This makes it easier to cash out the funds at an exchange.”

Last year, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology on the National Security Council, said she was “concerned about North Korea’s cyber capabilities.”

“They use cyber to gain, we estimate, up to a third of [stolen crypto] [sic] funds to fund their missile program,” she noted.

A few months following the Harmony attack, Nomad, another crypto group, reportedly had cryptocurrency — in the amount of $190 million — taken in multiple incidents. 

The Treasury Department took action last year to place fresh sanctions on a wallet of the Lazarus Group. Crypto analysts reportedly said that the wallet had resources connected to an attack where cryptocurrency was taken in the amount of over $600 million.