FBI links Harmony’s $100 million hack to the Lazarus Group

The FBI has formally attributed the hack of the Harmony cryptocurrency bridge platform to Lazarus, a cyber-espionage group working for the North Korean government.

The Harmony crypto-heist took place on June 23, 2022, and resulted in the theft of $100 million in cryptocurrency assets.

Less than a week after the incident, blockchain tracking company Elliptic linked the hack to Lazarus operators by tracking how the funds moved to wallets previously associated with the group.

The funds remained untouched until earlier this month, when the Lazarus gang used the RAILGUN privacy protocol to move and launder $63.5 million of the stolen Harmony assets. Some of the laundered funds were frozen in Binance and Huobi accounts, but the bulk still remains under Lazarus’ control.

This week’s announcement marks the second time that the FBI has formally linked a cryptocurrency heist to the Lazarus Group in such a public fashion.

The FBI previously linked the theft of $620 million worth of cryptocurrency assets from the Ronin Bridge to the same Lazarus group back in April 2022.

The FBI says that in both intrusions, the Lazarus gang used a form of malware known as TraderTraitor to compromise employee systems. US officials and security experts say the malware is typically delivered via emails or private messages sent to a company’s employees disguised as high-paying job offers.

The malware is written in cross-platform JavaScript code that runs inside an Electron app, which can deploy different second-stage payloads for both Windows and macOS, depending on the compromised employee’s platform. Besides cryptocurrency platforms, Lazarus has used the same malware to go after gaming and financial sector companies.
