The cryptoassets were stolen on June 23 from Horizon Bridge, a service operated by the Harmony blockchain that allows assets to be transferred to other blockchains.
North Korean hackers are most likely behind an attack last week that stole as much as $100 million in cryptocurrency from a U.S. company, three digital investigative firms have concluded.
The cryptoassets were stolen on June 23 from Horizon Bridge, a service operated by the Harmony blockchain that allows assets to be transferred to other blockchains.
Since then, activity by the hackers suggests they may be linked to North Korea, which experts say is among the most prolific cyber attackers. U.N. sanctions monitors says Pyongyang uses the stolen funds to support its nuclear and missile programmes.
The style of attack and high velocity of structured payments to a mixer – used to obscure the origin of funds – is similar to previous attacks that were attributed to North Korea-linked actors, Chainalysis, a blockchain firm working with Harmony to investigate the attack, said on Twitter on Tuesday.
That conclusion was echoed by other investigators.
“Preliminarily this looks like a North Korean hack based on transaction behaviour,” said Nick Carlsen, a former FBI analyst who now investigates North Korea’s cryptocurrency heists for TRM Labs, a U.S.-based firm.
There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds, another firm, Elliptic, said in a report on Thursday.