
North Korean Attackers Were Responsible for the $100M Harmony Hack

After hackers stole $100 million in cryptocurrencies from Harmony Protocol on Friday, the layer 1 blockchain's team said it will provide a $1 million reward to anyone with information about the hacker.

This afternoon, a prime suspect surfaced.

The Lazarus Group, a prominent cybercriminal group with ties to North Korea, was involved in the theft and subsequent laundering of the money, according to research published today by blockchain analytics company Elliptic.

In April, the US government determined that Lazarus, a “state-sponsored hacking operation” according to the FBI, was responsible for the $622 million hack of a cross-chain bridge used by the play-to-earn game Axie Infinity. Cross-chain bridges connect blockchains and are frequently used to link sidechains (like Axie’s Ethereum sidechain Ronin), which can provide speed and cheaper transaction fees before passing work back to more secure blockchains like the Ethereum mainnet.

Harmony’s attack also happened on a cross-chain bridge: the Horizon bridge, a cross-chain bridge between Bitcoin, Ethereum, and the Binance Chain. The similarity between the two cross-chain bridge attacks is one sign that Lazarus is probably involved, according to Elliptic’s study.

The hacker’s use of social engineering to carry out the attack echoes other Lazarus hacks. The Harmony attack also resembles the Axie Infinity hack in that the pattern in which the stolen money was laundered suggests automated transfers.

The report states: “Although no single factor proves the involvement of Lazarus, in combination, they suggest the group’s involvement.”

Other such factors include the fact that several members of the Harmony team have ties to the Asia Pacific region and that Lazarus frequently targets people in Asia, possibly because of the languages used. Furthermore, the hackers have stopped moving the funds being laundered only during nighttime hours in the Asia Pacific region.

To date, the money has been laundered through the mixing service Tornado Cash, which enables users to pool large sums of cryptocurrencies and exchange them for other coins in a way that obscures transaction histories.

In this case, Elliptic was able to “demix” the Tornado Cash transaction traces left by the Harmony hackers and locate the stolen money in a number of fresh Ethereum wallets.

While exchanges and companies might use this information to make sure they don’t take any of the stolen money, Harmony has no way to get its money back.
