The theft of $100 million from the Horizon bridge of American crypto company Harmony last June was carried out by two cyber groups linked to North Korea, the Lazarus Group and APT38, the Federal Bureau of Investigation said on Monday.
"Through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony's Horizon bridge," the FBI said in a statement.
The groups used the Railgun privacy protocol on Jan. 13 to launder more than $60 million worth of Ethereum taken in the June theft, according to a statement from the FBI.
According to the FBI, a portion of the stolen Ethereum was subsequently sent to multiple virtual asset providers and converted to bitcoin.
Binance discovered that the hackers were attempting to launder funds through the Huobi crypto exchange and swiftly helped Huobi freeze and reclaim the digital assets the hackers had deposited, according to CEO Changpeng Zhao.
The FBI said North Korea's theft and laundering of virtual currency is used to fund its ballistic missile and Weapons of Mass Destruction programs.
The Harmony Bridge hack in 2022 was the result of security flaws in Harmony's Horizon Ethereum bridge, which allowed cyber attackers to steal assets held in the bridge via 11 transactions.
In June, Reuters reported, citing three online research companies, that North Korean hackers were most likely responsible for the attack on Harmony.
According to the FBI, the US Attorney's Office and the US Justice Department's crypto unit have continued "to identify and disrupt North Korea's theft and laundering of virtual currency, which is used to support North Korea's ballistic missile and Weapons of Mass Destruction programs."
The Lazarus Group is a well-known hacker outfit that has allegedly been involved in a number of significant crypto industry exploits and has been implicated in the $600 million Ronin Bridge hack from March of last year.
Following the hack, the United States Treasury Department's Office of Foreign Assets Control updated its Specially Designated Nationals and Blocked Persons (SDN) list to add the Lazarus Group in April 2022.
In response to the Ronin Bridge incident, the FBI and the Cybersecurity and Infrastructure Security Agency issued an alert about North Korean state-sponsored cyber threats against blockchain companies the same month.