North Korea’s Lazarus Group behind $100m crypto attack • The Register

The FBI has confirmed what cybersecurity researchers have been saying for months: the North Korean-sponsored Lazarus Group was behind the theft last year of $100 million in crypto assets from blockchain startup Harmony.
Attackers on June 22, 2022, hit Harmony’s Horizon Bridge – a cross-chain service used to transfer assets between Harmony’s blockchain and other blockchains – and stole Ethereum, Wrapped Bitcoin, Binance Coin, and Tether.
In its January 23 statement on the matter, the FBI said the attack on Harmony was part of a North Korean malware campaign named “TraderTraitor.”

The federal investigators said that on January 13, unnamed North Korean criminals used the privacy protocol Railgun to launder more than $60 million of Ethereum stolen through the Horizon Bridge hack and that a portion of the stolen Ethereum was then sent to a number of digital asset service providers and converted to Bitcoin.

Some of the funds were frozen, while the remaining Bitcoin was sent to nearly a dozen addresses. Two crypto exchanges – Binance and Huobi – froze the accounts used by Lazarus Group to launder the stolen Harmony assets.
The FBI isn’t the first to name Lazarus Group (aka APT28) as the perpetrator of the attack. In 2022, blockchain analytics outfit Elliptic linked the North Korean group to the Horizon Bridge incident after tracking the attacker’s actions after the breach – including the conversion of many of the assets into 85,837 Ethereum using the Uniswap decentralized exchange.

The thief then moved the Ethereum into Tornado Cash – a mixer used to launder stolen crypto assets. By tracking the assets and looking at the Lazarus Group’s interest in attacking decentralized finance (DeFi) services like cross-chain bridges – and its alleged connection with the theft of $620 million of crypto from Sky Mavis, maker of the Axie Infinity online game – Elliptic concluded that the Lazarus Group attacked Horizon Bridge.

The FBI has long said that the North Korean government uses crime – including stealing cryptocurrencies – to help fund its programs for ballistic missiles and weapons of mass destruction. The money helps the secretive regime get around strict economic sanctions imposed by the US and other nations for its provocative actions and human rights violations.
Cryptocurrency also helps cyber criminals to go about their business by making it easier for threat groups to obtain and launder the proceeds of their campaigns.
Legitimate crypto and decentralized finance (DeFi) operations are often victims of these attacks. Blockchain analysis firm Chainalysis revealed that in the first 4 months of 2022, attackers stole $1.68 billion in crypto – more than 90 percent of that coming from DeFi outfits.
The FBI said it and other US agencies will continue to attack North Korea’s cyber crime activities. The Treasury Department last year slapped sanctions on both Tornado Cash and another crypto mixer, Blender – largely for their work helping the Lazarus Group launder stolen crypto assets. ®