The FBI has officially attributed last year’s Horizon bridge hack and cryptocurrency heist to a threat group widely believed to be operating on behalf of the North Korean government.
The Horizon bridge is designed to enable cryptocurrency holders to move assets between Harmony’s network and the Ethereum network, Binance Chain and Bitcoin.
In June 2022, news broke that someone had managed to steal $100 million from the Horizon bridge — specifically the Ethereum side — after obtaining and decrypting private keys.
Shortly after the cryptocurrency heist came to light, blockchain analytics firm Elliptic named North Korea’s Lazarus hacking group as the prime suspect.
The FBI confirmed on Monday that the Lazarus group, which is also tracked as APT38, is behind the cyberattack on the Horizon bridge.
The agency noted that US authorities are identifying and disrupting North Korea’s cryptocurrency theft and laundering activities, which are used by the regime to fund its ballistic missile and weapons of mass destruction programs.
“On Friday, January 13, 2023, North Korean cyber actors used Railgun, a privacy protocol, to launder over $60 million worth of ethereum (ETH) stolen during the June 2022 heist. A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC),” the FBI said.
The agency said part of these funds were frozen with the help of virtual asset service providers, while the rest have been moved to nearly a dozen addresses, which have been made public.
North Korean state-sponsored hackers are believed to be behind several high-profile cryptocurrency heists and this is not the first time the US government has officially blamed them for an attack.
In April 2022, the US blamed the Lazarus group for the $600 million Ronin Validator hack.
According to blockchain analysis company Chainalysis, Lazarus stole $400 million worth of crypto assets in 2021.