North Korea behind $100m crypto theft, FBI says

California-based Harmony said in June it had been the target of a cyberattack that stole $100m worth of digital assets.

The FBI has blamed North Korea for last year's cyber heist on California-based Harmony [File: Pierre Albouy/Reuters]

North Korean hackers were behind the theft of $100m worth of digital assets from a US crypto firm last year, according to United States law enforcement.

The North Korean hacking groups Lazarus Group and APT38 carried out the cyber heist on crypto firm Harmony last June, the Federal Bureau of Investigation (FBI) said in a statement on Monday.

North Korean cyber actors earlier this month used privacy protocol Railgun to launder more than $60m worth of Ethereum stolen during the heist, a portion of which was sent to several virtual asset service providers and converted to Bitcoin, the FBI said.

Harmony, which has its headquarters in California, announced in June that hackers had stolen $100m in digital coins from Horizon bridge, a so-called blockchain bridge used to move cryptocurrencies between different blockchain networks.

The FBI, which previously issued an advisory about a malware campaign used in the heist dubbed “TraderTraitor”, said it had frozen some of the funds with the cooperation of some of the virtual asset service providers.

The FBI said it would keep working to “identify and disrupt” efforts to steal and launder cryptocurrency that support the secretive state’s illicit missile and nuclear weapons programmes.

“The FBI will continue to expose and combat the DPRK’s use of illicit activities — including cybercrime and virtual currency theft — to generate revenue for the regime,” the FBI said, referring to the acronym of the country’s official name, the Democratic People’s Republic of Korea.

North Korea, ruled by third-generation dictator Kim Jong Un, has been accused by US and UN officials of orchestrating an escalating campaign of cyber theft to fund its activities, including the development of long-range ballistic missiles and nuclear weapons.

South Korea’s spy agency said in December that North Korean hackers had stolen an estimated 1.5 trillion South Korean won ($1.2bn) in virtual assets during the past five years, including 800 billion South Korean won ($650.5m) in 2022 alone.

Blockchain analysis firm Chainalysis said in a report released in January last year that the value of assets stolen in North Korea-linked cyberattacks grew by 40 percent from 2020 to 2021.

Last month, Google’s anti-hacking unit said that North Korean hackers had exploited South Korea’s deadly Halloween crowd crush to target internet users with malware planted in documents disguised to look like reports from the South Korean government.

In 2021, the US Department of Justice charged three North Korean computer programmers with extorting or stealing more than $1.3bn in cash and cryptocurrency in a series of cyberattacks beginning in 2014.

North Korea, which typically does not engage with international media, has denied carrying out cyberattacks overseas and accused the US and its allies of “spreading ill-hearted rumours”.

Source: Al Jazeera