The Federal Bureau of Investigation (FBI) has revealed that North Korean hacking groups Lazarus Group and APT38 were behind the cyber attack on California-based crypto firm Harmony last June, which resulted in the theft of $100 million worth of digital assets.
In a statement released on Monday, the FBI explained that the North Korean cyber actors used privacy protocol Railgun to launder more than $60 million of the stolen Ethereum, a portion of which was converted to Bitcoin and sent to various virtual asset service providers.
Harmony, which has its headquarters in California, announced in June that hackers had stolen $100 million in digital coins from Horizon bridge, a so-called blockchain bridge used to move cryptocurrencies between different blockchain networks. The FBI, which previously issued an advisory about “TraderTraitor”, a malware campaign used in the heist, said it had frozen some of the funds with the cooperation of some of the virtual asset service providers.
The FBI has stated that it will continue to work towards “identifying and disrupting” efforts to steal and launder cryptocurrency that support the secretive state’s illicit missile and nuclear weapons programs. “The FBI will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and virtual currency theft — to generate revenue for the regime,” the FBI said, using the acronym for the country’s official name, the Democratic People’s Republic of Korea.
North Korea, ruled by third-generation dictator Kim Jong Un, has been accused by US and UN officials of orchestrating an escalating campaign of cyber theft to fund its activities, including the development of long-range ballistic missiles and nuclear weapons. South Korea’s spy agency said in December that North Korean hackers had stolen an estimated 1.5 trillion South Korean won ($1.2 billion) in virtual assets during the past five years, including 800 billion South Korean won ($650.5 million) in 2022 alone.
Blockchain analysis firm Chainalysis reported in January last year that the value of assets stolen in North Korea-linked cyberattacks grew by 40 percent from 2020 to 2021. Last month, Google’s anti-hacking unit said that North Korean hackers had exploited South Korea’s deadly Halloween crowd crush to target internet users with malware planted in documents disguised to look like reports from the South Korean government. In 2021, the US Department of Justice charged three North Korean computer programmers with extorting or stealing more than $1.3 billion in cash and cryptocurrency in a series of cyberattacks beginning in 2014.
North Korea, which typically does not engage with international media, has denied carrying out cyberattacks overseas and accused the US and its allies of “spreading ill-hearted rumours”. However, the FBI’s statement serves as further evidence of the country’s involvement in cybercrime and virtual currency theft, and the international community’s efforts to combat these illicit activities.
Joy Rice is a computer science graduate and crypto writer with a strong understanding of blockchain technology. She writes about the latest developments in the crypto industry, and is passionate about educating and informing readers about the potential uses of blockchain.