Date: 2022-07-01

The Lazarus Group, a North Korean hacking group believed to be backed by the Kim Jong-un regime, is likely behind the hack of a Harmony smart contract last week, according to an analysis by blockchain research firm Elliptic.

The attack, which took $100 million worth of cryptocurrencies, drained assets from a bridge, a smart contract that allows the transfer of crypto assets between Harmony and other blockchains, including Ethereum (ETH), Tether (USDT) and Bitcoin (BTC).

North Korean hackers, Elliptic pointed out, have become increasingly sophisticated. In 2021, their cryptocurrency thefts totaled around $400 million, mostly in ETH. This year, the total amount has already far exceeded that number.

According to Elliptic, the attackers converted the assets stolen from Harmony into 85,837 ETH after the hack, and as of Monday (the 27th) they began sending some of the ETH to Tornado Cash, a service that breaks the connection between the source and destination addresses of a blockchain transaction and which is often used to launder illegally obtained cryptocurrencies.

So far, around 35,000 ETH – 41% of the total amount stolen – has been sent to Tornado Cash.

The Harmony hack is consistent with other hacks attributed to the Lazarus Group, including the hack of the Ronin bridge on the Axie Infinity (AXS) project's blockchain, in which $635 million was stolen in March. That episode is touted as possibly the biggest hack in the history of decentralized finance (DeFi).

Elliptic’s analysis also showed other features of the theft that point to the Lazarus Group, such as automated deposits into Tornado Cash, which resemble the programmatic laundering of the Ronin bridge funds, as well as the timing of the hack, which can be related to the time of day in the Asia-Pacific region.

The developers of the Harmony project said on Thursday that they have launched a “global manhunt” to catch the culprits behind last week’s $100 million exploit.

The reward offered to individuals who can provide information about the attacker has been increased from $1 million to $10 million. The ETH address for returning the stolen crypto is “0xd6ddd996b2d5b7db22306654fd548ba2a58693ac”.

The Harmony team also offered “a final opportunity” for the attackers to return the assets anonymously. “The final deal is, they can keep the $10 million and return the remaining amount, and the team closes the investigation.”

Earlier this week, the hackers transferred over 36,000 ETH, worth $44 million at the time, to Tornado Cash in various transactions. The attacker’s main wallet, tagged “Horizon Bridge Exploiter” on the Etherscan blockchain tracking service, continues to hold more than 33,000 stolen ETH, according to public blockchain data.

