After cybercriminals carted off $100 million worth of bitcoin from Harmony Protocol on Friday, the organization behind the layer 1 blockchain stated that a $1 million reward will be offered to anyone with information about the hacker. As of Thursday afternoon, a suspect of interest has surfaced.
The way in which the assets were stolen and later laundered, according to a report issued Thursday by blockchain analytics firm Elliptic, points to the involvement of The Lazarus Group, a known cybercriminal outfit with ties to North Korea.
The U.S. authorities determined in April that Lazarus, a "state-sponsored hacking operation" according to the Federal Bureau of Investigation, was responsible for the $622 million hack of a cross-chain bridge utilized by the play-to-earn game Axie Infinity.
Cross-chain bridges connect blockchains and are frequently used to interconnect sidechains (such as Axie's Ethereum sidechain Ronin), which can offer faster transactions and reduced transaction costs before sending work to more secure blockchains such as the Ethereum mainnet.
The Horizon bridge, a cross-chain bridge connecting Harmony to Ethereum, Binance Chain, and Bitcoin, was compromised in a manner similar to the Horizon bridge.
Elliptic's analysis cites the parallels between the two cross-chain bridge assaults as a possible indicator of Lazarus' involvement.
Using social engineering, the hacker carried out the attack, which references to earlier Lazarus intrusions. The Harmony attack also resembles the Axie Infinity hack in that stolen monies have been laundered in a way that suggests automated transfers.
The report states, "Although no single aspect establishes Lazarus' involvement, their combination strongly suggests it."
Other such factors include the fact that many Harmony team members have ties to the Asia-Pacific region and Lazarus tends to attack Asian targets, maybe because of the languages utilized.
In addition, the sole instances in which hackers have ceased transferring laundered funds are aligned with nighttime hours in the Asia-Pacific area.
The monies have been laundered thus far through the mixing service Tornado Cash, which enables users to pool substantial sums of cryptocurrencies and exchange them for other coins, a practice that obscures transaction trails and is widely used to launder stolen tokens.
Elliptic was able to "demix" the traces of the Harmony hackers' Tornado Cash transactions in this instance and has linked the stolen monies to a number of new Ethereum wallets.
While exchanges and businesses may be able to utilize this information to avoid accepting stolen cash, Harmony has no way to reclaim them.
