CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist

FBI says a North Korea-linked threat group known as Lazarus and APT38 is behind the $100 million Horizon bridge cryptocurrency heist.

The FBI has officially attributed last year’s Horizon bridge hack and cryptocurrency heist to a threat group widely believed to be operating on behalf of the North Korean government.

The Horizon bridge is designed to enable cryptocurrency holders to move assets between Harmony’s network and the Ethereum network, Binance Chain and Bitcoin.

In June 2022, news broke that someone had managed to steal $100 million from the Horizon bridge — specifically the Ethereum side — after obtaining and decrypting private keys. 

Shortly after the cryptocurrency heist came to light, blockchain analytics firm Elliptic named North Korea’s Lazarus hacking group as the prime suspect. 

The FBI confirmed on Monday that the Lazarus group, which is also tracked as APT38, is behind the cyberattack on the Horizon bridge

Advertisement. Scroll to continue reading.

The agency noted that US authorities are identifying and disrupting North Korea’s cryptocurrency theft and laundering activities, which are used by the regime to fund its ballistic missile and weapons of mass destruction programs. 

“On Friday, January 13, 2023, North Korean cyber actors used Railgun, a privacy protocol, to launder over $60 million worth of ethereum (ETH) stolen during the June 2022 heist. A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC),” the FBI said. 

The agency said part of these funds were frozen with the help of virtual asset service providers, while the rest have been moved to nearly a dozen addresses, which have been made public. 

North Korean state-sponsored hackers are believed to be behind several high-profile cryptocurrency heists and this is not the first time the US government has officially blamed them for an attack. 

In April 2022, the US blamed the Lazarus group for the $600 million Ronin Validator hack.

According to blockchain analysis company Chainalysis, Lazarus stole $400 million worth of crypto assets in 2021.

Related: North Korea APT Lazarus Targeting Chemical Sector

Related: North Korea’s Lazarus Targets Energy Firms With Three RATs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Cyber AI & Automation Summit
Wednesday, December 6, 2023

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

Virtual Event: Cyber Insurance & Liability Summit
Wednesday, January 17, 2024

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Register

Expert Insights

Related Content

Cisco zero-day CVE-2023-20109 exploited Cisco zero-day CVE-2023-20109 exploited

Malware & Threats

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

September 27, 2023
Cyberattacks Target Websites of German Airports, Admin

Cyberwarfare

Cyberattacks Target Websites of German Airports, Admin

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

January 26, 2023
What is Cyberwar? What is Cyberwar?

Cyberwarfare

What is Cyberwar?

Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this...

June 28, 2023
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022
CVE-2023-23397 CVE-2023-23397

Nation-State

Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script

Microsoft blames a “Russian-based threat actor” for in-the-wild attacks hitting its flagship Microsoft Outlook and has released a detection script to help defenders.

March 15, 2023
Cyber Resilience Cyber Resilience

Cyberwarfare

Cyber Insights 2023 | The Geopolitical Effect

While cyber eyes are trained on Russia, we should remember that it is not the West’s only cyber adversary. China, Iran, and North Korea...

February 1, 2023
Chinese Hackers Exploited Fortinet VPN Vulnerability as Zero-Day

Nation-State

Chinese Hackers Exploited Fortinet VPN Vulnerability as Zero-Day

A China-linked hackers are exploiting a vulnerability (CVE-2022-42475 ) in Fortinet FortiOS SSL-VPN, Mandiant claims.

January 20, 2023
CVE-2023-23397 CVE-2023-23397

Nation-State

Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April

Microsoft says it has evidence that Russian APT actors were exploiting a nasty Outlook zero-day as far back as April 2022, upping the stakes...

March 27, 2023