On Monday, the FBI announced that it had concluded that Lazarus Group, the North Korean organization, had been involved in the Harmony Protocol hack of $100 million last June.
On January 13th, about $60 million worth of Ethereum that had been stolen in the hack six months earlier was laundered.
The hackers
This allowed the FBI to identify the involvement of the Lazarus Group as well as another North Korean cyber group named APT38 in the heist.
The hackers had used a privacy protocol named RAILGUN to obscure their transactions.
Even so, exchanges were able to freeze and recover some of the stolen funds when the hackers attempted to swap them for Bitcoin.
The unrecovered funds were subsequently transferred to a total of 11 ETH addresses.
The announcement from the law enforcement agency said that it would continue to identify and disrupt North Korea's theft and laundering of digital currency, which is used to support the country's weapons of mass destruction and ballistic missile programs.
The incident
Blockchain analysts had linked the exploit in June to the Lazarus Group in the immediate aftermath, thanks to a combination of the previous hacks the group had carried out and some on-chain investigation.
The US government has been quite vocal about the threat posed by the hacking group, but it had not formally accused the entity of the Harmony hack until Monday.
The hack had targeted a cross-chain bridge that connects the layer-1 Harmony blockchain to the Binance Chain, Bitcoin, and Ethereum networks.
The strategy is similar to the previous attacks that the Lazarus Group had carried out, which included a massive one in April where the Ronin Network had been compromised.
This Ethereum sidechain is used by Axie Infinity, the play-to-earn crypto game, and the hackers were able to steal a huge sum of $622 million.
According to a report, North Korean hacker groups have managed to steal an estimated amount of $1.2 billion worth of crypto since 2017.
More details
The announcement said that the FBI would continue to combat and expose the DPRK's use of illicit activities, including digital currency theft and cybercrime, to generate revenue.
The cyber groups affiliated with North Korea have also been involved in activities beyond hacks. A report argued in late December that the Lazarus Group also pretends to be banks, potential employers, and venture capitalists.
Last April, a federal cybersecurity alert was issued, which said that intrusions had begun with a huge number of spearphishing messages sent to crypto firms.
These messages, sent over different communication platforms, usually target employees working in software development or system administration.
It was disclosed that the messages mimic recruitment efforts and offer high-paying jobs to entice people into downloading crypto apps laced with malware.
Due to these attacks, the US government has focused on coin-mixing services that enable users to hide the trail of crypto transactions.