North Korean hackers are thought to be behind last week’s theft of as much as $100m in cryptocurrency from a US company, as the regime steps up attempts to secure funding for its nuclear and ballistic missile programmes.
The assets were stolen on 23 June from Horizon Bridge, a service operated by the Harmony blockchain that allows assets to be transferred to other blockchains, three digital investigative firms have concluded.
Activity by the hackers since the heist suggests they may be linked to North Korea – believed to be among the most prolific cyber-attackers.
The style of attack and high velocity of structured payments to a mixer – used to obscure the origin of funds – are similar to previous attacks that were attributed to North Korea-linked actors, Chainalysis, a blockchain firm working with Harmony to investigate the attack, said on Twitter on Tuesday.
That conclusion was echoed by other investigators.
“Preliminarily this looks like a North Korean hack based on transaction behaviour,” said Nick Carlsen, a former FBI analyst who now investigates North Korea’s cryptocurrency heists for TRM Labs, a US-based firm.
There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds, another firm, Elliptic, said in a report on Thursday.
“The thief is attempting to break the transaction trail back to the original theft,” the report said. “This makes it easier to cash out the funds at an exchange.”
US officials say Lazarus is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence organisation. It has been accused of involvement in the “WannaCry” ransomware attacks, hacks of international
Read more on theguardian.com