FBI says North Korean hackers responsible for $100M Harmony Horizon Bridge crypto heist
The hacker group used "social engineering of victims" in the Harmony hack.
In June, hackers made off with $100 million in crypto assets from the Harmony Horizon Bridge. The FBI now says that "cyber actors associated with the DPRK" were behind the theft.
According to the FBI (via The Hacker News), the Lazarus Group was responsible for the June 24 heist, which forced the company to temporarily halt transactions for at least 24 hours.
Harmony's Horizon Bridge may sound like an Apex Legends map, but it is actually a fast layer-1 blockchain that acts as a "bridge" for token transfers between Harmony and the Ethereum network, Binance Chain, and Bitcoin. The hackers were able to take advantage of an exploit that allowed them to divert tokens stored from the bridge into their wallets.
The FBI said the Harmony intrusion resulted from an aggressive malware campaign called TraderTraitor. The FBI, US Treasury Department, and CISA (Cybersecurity and Infrastructure Security Agency) warned that employees from crypto companies are being targeted with sophisticated "social engineering of victims." Basically, hackers are getting victims to download malicious software through deceptive means.
The statement says, "North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum (ETH) stolen during the June 2022 heist." A chunk of the ill-gotten Ethereum was "subsequently sent to several virtual asset service providers and converted to bitcoin."
The FBI, working with virtual asset service providers, has reportedly frozen a portion of the stolen assets. However, the actual amount is currently unclear how. 11 digital wallets have been publicly flagged so far by the FBI.
"The FBI will continue to expose and combat the DPRK's use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime," the FBI said.
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
This isn't the first major crypto-heist pulled off by the Lazarus Group: The same organization was responsible for the massive $600 million Axie Infinity crypto-heist in April last year. An FBI representative told PC Gamer at the time that North Korea is pulling crypto-robberies to sidestep US and UN sanctions to fund its weapons program.
Best CPU for gaming: Top chips from Intel and AMD
Best gaming motherboard: The right boards
Best graphics card: Your perfect pixel-pusher awaits
Best SSD for gaming: Get into the game first
Jorge is a hardware writer from the enchanted lands of New Jersey. When he's not filling the office with the smell of Pop-Tarts, he's reviewing all sorts of gaming hardware, from laptops with the latest mobile GPUs to gaming chairs with built-in back massagers. He's been covering games and tech for over ten years and has written for Dualshockers, WCCFtech, Tom's Guide, and a bunch of other places on the world wide web.
'Just like we generate electricity, we're now going to be generating AI': Nvidia CEO Jen-Hsun Huang sees AI as a commodity to be made in 'AI factories'
Steam has changed its policy on DLC content and season passes, so now players are entitled to proper compensation if future plans fall through: 'Customers will be offered a refund for the value of unreleased DLC'