North Korea’s State-Backed Lazarus Group Responsible for $100 Million Harmony Hack

Kim Jong Un Visiting Berlin in 2017
Kim Jong Un Visiting Berlin in 2017

North Korea’s Lazarus Group was the likely culprit behind the theft of $100 million from the Harmony Network, blockchain research firm Elliptic said on Wednesday.

Analysts said their evidence was mostly the fact that the perpetrator’s methods mirrored the techniques the Lazarus Group used when it stole around $600 million from Axie Infinity in March.

“Our analysis of the hack and the subsequent laundering of the stolen cryptoassets … indicates that it is consistent with activities of the Lazarus Group,” researchers wrote in their report.

RELATED: Harmony Developers Offer $1 Million Bounty in Exchange for $100 Million Lost in Hack

They cited the fact that the attack was conducted by compromising a multi-signature wallet’s cryptographic keys, and said Lazarus “tends to focus” on targets based in the Asia-Pacific region, “perhaps for language reasons.”

“Although Harmony is based in the U.S., many of the core team have links to the APAC region,” they noted.

As of Wednesday, they said the perpetrators had sent 41 percent of the $100 million in stolen funds — worth $39 million by that time — through Tornado Cash, a crypto anonymizing service.

“The regularity of the deposits into Tornado over extended periods of time suggests that an automated process is being used,” the report’s authors wrote. “We have observed very similar programmatic laundering of funds stolen from [Axie Infinity’s] Ronin Bridge … as well as a number of other attacks linked to the group.”

They added that the “relatively short periods during which the stolen funds stop being moved out of Tornado cash are consistent with APAC (Asia-Pacific) nighttime hours.”

Harmony developers reacted to the report with saber-rattling on Twitter, and said they would increase the reward for returning the funds from $1 million to $10 million.

RELATED: Cosmic Universe Founder Suggests Harmony Network Could be Insolvent Within 12 Months

“Harmony has begun a global manhunt for the criminal(s) who stole $100M from the Horizon bridge,” the team wrote in a Wednesday evening tweet. “All exchanges have been notified. Law enforcement, @Chainalysis, and @AnChainAI have active investigations to identify the responsible actors and recover the stolen assets.

“We are providing one FINAL opportunity for the actor(s) to return stolen assets with anonymity,” they added. “Our FINAL term: Retain $10M and return the remaining stolen amount. In exchange, Harmony will cease its investigation. To associates of the actor: There is no honor amongst thieves. We are offering you $10M for information leading to the return of stolen funds.”

Harmony’s network has been in turmoil since the team’s June 24 announcement that they lost the funds. The token’s price has declined by roughly 30 percent in the five days since the announcement, while stablecoins on the network depegged, causing hundreds of millions in additional losses for Harmony users.

  • bitcoinBitcoin (BTC) $ 30,585.00
  • ethereumEthereum (ETH) $ 1,920.03
  • tetherTether (USDT) $ 1.00
  • bnbBNB (BNB) $ 246.29
  • xrpXRP (XRP) $ 0.473472
  • cardanoCardano (ADA) $ 0.288054
  • dogecoinDogecoin (DOGE) $ 0.068067
  • solanaSolana (SOL) $ 18.35
  • polkadotPolkadot (DOT) $ 5.27
  • matic-networkPolygon (MATIC) $ 0.668704
  • avalanche-2Avalanche (AVAX) $ 12.92
  • chainlinkChainlink (LINK) $ 6.36
  • moneroMonero (XMR) $ 167.81
  • crypto-com-chainCronos (CRO) $ 0.056814
  • aaveAave (AAVE) $ 67.17
  • algorandAlgorand (ALGO) $ 0.123240
  • tezosTezos (XTZ) $ 0.812640
  • axie-infinityAxie Infinity (AXS) $ 6.38
  • golemGolem (GLM) $ 0.187465
  • zelcashFlux (FLUX) $ 0.455396
  • chain-2Onyxcoin (XCN) $ 0.001183