Researchers Blame North Korea for $100 Million Horizon Bridge Cryptocurrency Theft Amid ‘Global Manhunt’

The hackers have moved quickly to launder those assets since last week, according to Elliptic. According to the report, the Horizon Bridge hacker had already sent nearly half (41%) of the stolen cryptocurrency assets though the Tornado Cash mixer, a so-called “demixing” tools often used to conceal the trail of funds.

That analysis was backed up on Thursday by Chainalysis, which is currently helping Harmony investigate the theft. “The attack vector & high velocity of structured payments to a mixer is similar to previous attacks that were attributed to DPRK-linked actors,” Chainanlaysis wrote in a tweet.

In a statement Wednesday, Harmony said it has notified law enforcement to investigate the theft and has since begun their own search for the culprits. The company gave what it described as a final ultimatum to the hackers: Return the stolen funds now and keep $10 million for yourselves.

“There is no honor amongst thieves,” Harmony wrote. “We are offering you $10M for information leading to the return of stolen funds.” That offer stands until July 4th, but given Elliptic’s recent analyses showing the rapid rate at which the hackers are laundering the funds, voluntary recovery appears unlikely.

North Korea’s Long History of Digital Theft

While North Korea may lack basic internet, electricity, food, and human rights, its state-supported hacking groups do have a real knack for digital theft. Back in April, the FBI released a statement blaming North Korea’s Lazarus Group for a much larger theft of $625 million worth of cryptocurrency from the Ronin blockchain. In that case, hackers haled away with some around 173,600 ether and 25.5 million USDC.

This isn’t necessarily a new trend either. Earlier this year, the Department of Homeland Security issued an alert saying that Lazarus Group had engaged in various forms of crypto theft since at least 2020.

“North Korea’s Lazarus Group actors have targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cryptocurrency,” the agency wrote. “These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime.”

In total, the U.S. The Department of Justice estimates the Lazarus Group has allegedly made off with over $1 billion in cryptocurrency through hacking campaigns.

And while North Korea has focused its efforts on largely unregulated cryptocurrencies as of late, its experience with digital theft and complex online heists far precedes crypto. The country’s hacking teams have also proved adept at launching destructive cyber attacks and were reportedly responsible for the 2014 Sony leaks as well as the 2017 WannaCry ransomware outbreak.