“Life imitates art”, as the old saying goes. In fiction, Netflix will release a Korean version of “La Casa de Papel”; in the real world, a multimillion-dollar crime is suspected of being linked to the government of North Korea: Pyongyang may be behind a hack in the cryptocurrency world.
Let me explain further. Remember the attack that Horizon, a bridge to the ethereum (ETH) blockchain operated by Harmony, suffered last week?
Exactly seven days ago, the attackers took the equivalent of US$ 100 million in digital assets from the US company.
After analysis, three digital investigation companies came to a conclusion: most likely those responsible for the crime at Horizon were hackers sponsored by the North Korean government.
If the suspicions are confirmed, this attack will be the eighth theft associated with North Korea this year alone, totaling approximately $1 billion in stolen funds, according to on-chain analytics firm Chainalysis.
Did North Korea finance the Horizon attack?
The investigating companies believe the way the attack was carried out is similar to other attacks that have been linked to North Korea.
“This looks like a North Korean hack based on transaction behavior,” said Nick Carlsen, a former FBI analyst investigating North Korean cryptocurrency thefts for US-based TRM Labs.
It is worth noting that this is not the first time North Korea has been accused of involvement in cyber attacks to circumvent Western sanctions. Members of the UN have even claimed that the country uses the stolen assets to finance nuclear programs.
According to blockchain analysis firm Elliptic, there are “strong indications” that the Lazarus Group, a North Korean hacking group linked to Pyongyang, orchestrated the attack.
According to US officials, Lazarus is controlled by North Korea’s spy service and has been accused of being involved in other cyber attacks.
In early 2022, the U.S. Department of the Treasury linked Lazarus to the theft of $600 million from Ronin (the network of the cryptocurrency game Axie Infinity), the biggest hack in the history of digital assets.
What is the hacker’s strategy?
For Chainalysis, a company that is helping Harmony investigate the crime, the style of the attack, the speed of payments and the laundering of assets to obfuscate their origin are all similar to other North Korean thefts.
What do I mean by “laundering”? According to Elliptic, to eliminate any trace of the crime, the attackers immediately converted most of the stolen funds to ethereum.
“The thief is trying to break the transaction trail back to the original theft. This makes it easier to withdraw funds from an exchange,” Elliptic said in a report.
According to the company, the hackers began laundering the stolen assets through Tornado Cash, a service used to make it difficult to track funds by scrambling transaction keys and addresses using fake wallets. The company stated that, so far, approximately $39 million worth of ETH has been sent to Tornado.
*With information from The Guardian and Reuters