Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist

FBI says a North Korea-linked threat group known as Lazarus and APT38 is behind the $100 million Horizon bridge cryptocurrency heist.

The FBI has officially attributed last year’s Horizon bridge hack and cryptocurrency heist to a threat group widely believed to be operating on behalf of the North Korean government.

The Horizon bridge is designed to enable cryptocurrency holders to move assets between Harmony’s network and the Ethereum network, Binance Chain and Bitcoin.

In June 2022, news broke that someone had managed to steal $100 million from the Horizon bridge — specifically the Ethereum side — after obtaining and decrypting private keys. 

Shortly after the cryptocurrency heist came to light, blockchain analytics firm Elliptic named North Korea’s Lazarus hacking group as the prime suspect. 

The FBI confirmed on Monday that the Lazarus group, which is also tracked as APT38, is behind the cyberattack on the Horizon bridge

The agency noted that US authorities are identifying and disrupting North Korea’s cryptocurrency theft and laundering activities, which are used by the regime to fund its ballistic missile and weapons of mass destruction programs. 

“On Friday, January 13, 2023, North Korean cyber actors used Railgun, a privacy protocol, to launder over $60 million worth of ethereum (ETH) stolen during the June 2022 heist. A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC),” the FBI said. 

The agency said part of these funds were frozen with the help of virtual asset service providers, while the rest have been moved to nearly a dozen addresses, which have been made public. 

North Korean state-sponsored hackers are believed to be behind several high-profile cryptocurrency heists and this is not the first time the US government has officially blamed them for an attack. 

In April 2022, the US blamed the Lazarus group for the $600 million Ronin Validator hack.

According to blockchain analysis company Chainalysis, Lazarus stole $400 million worth of crypto assets in 2021.

Related: North Korea APT Lazarus Targeting Chemical Sector

Related: North Korea’s Lazarus Targets Energy Firms With Three RATs

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Nation-State

A China-linked hackers are exploiting a vulnerability (CVE-2022-42475 ) in Fortinet FortiOS SSL-VPN, Mandiant claims.

Nation-State

Researchers tracking a remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.

Nation-State

FBI Director Christopher Wray is “deeply concerned” about the Chinese government’s artificial intelligence program, asserting that it was “not constrained by the rule of...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybercrime

North Korea’s BlueNoroff hackers have updated their arsenal and delivery techniques in a new wave of attacks targeting banks and venture capital firms, cybersecurity...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.