• The notorious North Korean hacker group Lazarus Group is suspected of attacking Harmony Bridge, stealing over $100 million.
• In June 2022, the group made transactions through Railgun to provide increased anonymity and privacy.
• The hackers have withdrawn at least $26.4 million from Huobi and other exchanges.
On June 23, 2022, the blockchain-based payment network Harmony Bridge experienced a devastating attack in which it lost approximately $100 million in funds. Following further investigations, the notorious North Korean hacker organization Lazarus Group is now suspected of being responsible for the hack.
The Lazarus Group is known for its involvement in multiple network breaches over the years, resulting in total losses of more than $2 billion. The hackers’ name first appeared in connection with the attack on Harmony Bridge in June 2022. On January 13, the group completed a transfer of 41,000 ETH, worth around $63.5 million. Earlier, the hackers had also made transactions on Tornado Cash, a privacy-focused cryptocurrency platform, before it was banned.
This time, the transfers were made through Railgun, another cryptocurrency platform specializing in providing privacy and anonymity. Recent updates suggest that the hackers have made various transactions and transferred funds to exchanges such as Binance, Huobi and OKX. Once transferred, the funds were quickly converted to Bitcoin and withdrawn from the exchanges.
Reflecting on the attack, a tweet by ZachXBT showed transfers on January 13 involving 350,000 separate wallet addresses. On January 18, he further commented that the hackers had withdrawn at least $26.4 million from Huobi and other exchanges.
The extent of the attack is still unknown, but it is clear that the hackers have been very successful in their mission to steal funds from Harmony Bridge. The North Korean hacker organization Lazarus Group is likely to blame for the breach. The group has proven time and time again that it is a force to be reckoned with and has the capability to launch devastating attacks on cryptocurrency networks. It is essential that cryptocurrency networks remain vigilant and continue to increase their security measures in order to protect their users and funds.