Crypto Stolen in the Harmony Hack Tracked to North Korea? Details

Recently, the Horizon Bridge was attacked and over $100 million of crypto assets were stolen. The stolen cryptocurrencies included Ethereum (ETH), Tether (USDT), Wrapped Bitcoin (WBTC), and BNB.

The popular blockchain analytics firm Elliptic is following the money trail to build a complete picture of how the funds have moved.

On June 24th, $100 million in cryptocurrency was stolen from the Horizon Bridge. The Horizon Bridge is a service that allows users to transfer assets between the Harmony blockchain and other blockchains.

The thief instantly converted most of these assets to 85,837 Ethereum tokens (ETH) via Uniswap, a decentralized exchange (DEX). This is a typical laundering technique used to avoid the seizure of stolen assets.

On June 27, the attackers began moving the Ethereum into Tornado Cash, a mixer often used to launder criminal proceeds. So far, over 35,000 Ethereum ($39 million) have been put into Tornado Cash.

Source: Elliptic

By routing the crypto through Tornado Cash, the hackers attempted to erase the transaction trail that links it to the original theft. This makes it easier to cash out through an exchange.

However, Elliptic has succeeded in using the Tornado demixing feature to trace the stolen crypto through Tornado Cash to several new Ethereum wallets. This means that even though the Tornado Cash mixer was used, exchanges and other cryptocurrency companies can use Elliptic's transaction screening software to identify deposits of funds from the Horizon Bridge hack.

Is the stolen crypto in North Korea now?

According to Elliptic's research, the Lazarus Group may have been involved in the attack. No single factor points to Lazarus, but a combination of various aspects points to the group.

The Lazarus Group has stolen more than $2 billion of cryptocurrencies in numerous crimes. Recently it has started to focus on DeFi services such as cross-chain bridges. For example, the $540 million Ronin Bridge attack is believed to have been orchestrated by the gang.

In addition, the Lazarus Group tends to focus on the Asia Pacific region. Although Harmony is based in the United States, many core team members are linked to the Asia Pacific region.

In addition, the consistency of the crypto deposits into Tornado Cash over a long period indicates the use of an automated process. This is similar to the process used during the Ronin hack.

Finally, the short intervals during which money stops being transferred from Tornado Cash are consistent with nighttime in the Asia Pacific region.
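The two timing indicators above (a steady, machine-like cadence and pauses that fall in a region's night) can be measured from transaction timestamps alone. The following is an added example, not Elliptic's code or method: the timestamps are constructed rather than real chain data, and the two-hour pause threshold and the UTC+9 offset are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

UTC = timezone.utc
PAUSE = timedelta(hours=2)  # assumed threshold separating activity sessions

def constructed_sample():
    """Constructed timestamps, not real chain data: two days of transactions
    every ~10 minutes between 00:00 and 14:00 UTC, then silence."""
    out = []
    for day in (1, 2):
        start = datetime(2000, 1, day, tzinfo=UTC)
        out += [start + timedelta(minutes=10 * i, seconds=i % 3) for i in range(85)]
    return out

def split_sessions(ts):
    """Group sorted timestamps into sessions separated by gaps longer than PAUSE."""
    sessions = [[ts[0]]]
    for prev, cur in zip(ts, ts[1:]):
        if cur - prev > PAUSE:
            sessions.append([])
        sessions[-1].append(cur)
    return sessions

def cadence_cv(session):
    """Coefficient of variation of the gaps inside one session.
    Values near 0 mean evenly spaced transactions, as a script would produce.
    Returns None when there are too few transactions to judge."""
    if len(session) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(session, session[1:])]
    return pstdev(gaps) / mean(gaps)

def pauses_local(ts, utc_offset_hours):
    """Local (start_hour, end_hour) of every gap longer than PAUSE."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return [(a.astimezone(tz).hour, b.astimezone(tz).hour)
            for a, b in zip(ts, ts[1:]) if b - a > PAUSE]

if __name__ == "__main__":
    txs = sorted(constructed_sample())
    for s in split_sessions(txs):
        print(f"{s[0]:%d %H:%M} UTC  n={len(s)}  cv={cadence_cv(s):.4f}")
    # UTC+9 is an assumed example offset for an Asia Pacific location
    print("pauses (local hours, UTC+9):", pauses_local(txs, 9))
```

A human operator typically produces irregular gaps and a much higher coefficient of variation; timing of this kind is circumstantial and only supports attribution alongside other evidence.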

These points indicate that the culprit behind the attack is the Lazarus Group. In addition, North Korea's holdings have declined significantly since the recent cryptocurrency crash. It makes sense that a sanctioned country would need more money for its weapons programs.