
FBI Names North Korean Hackers Lazarus Group Responsible for $100M Crypto Heist

The Federal Bureau of Investigation (FBI) has officially stated that the North Korean hacking group Lazarus Group, also known as APT38, was responsible for stealing $100 million from US crypto firm Harmony's Horizon bridge in June 2020. The hackers used a privacy protocol called Railgun to launder over $60 million worth of the stolen Ethereum. A portion of the stolen Ethereum was subsequently sent to several virtual asset providers and converted to Bitcoin.


The FBI states that the theft and laundering of virtual currency by North Korea is used to support its ballistic missile and weapons of mass destruction programs. In June 2020, Harmony reported that a heist had hit its Horizon bridge, which is the underlying software used by digital tokens such as Bitcoin and Ether for transferring crypto between different blockchains.


Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi, shared what the company is seeing from North Korean threat groups, including Lazarus:

“Lazarus is known for stealing cryptocurrency by exploiting machine identities, so it’s no surprise that the Harmony attack has been attributed to it. When disclosing the breach, Harmony provided evidence that its private keys – a core component of machine identity – were compromised, opening the door to Lazarus and enabling it to decrypt data and siphon off funds. This shows the power of machine identities falling into the wrong hands.

“Our research has also shown that attacks from North Korean threat groups – such as Lazarus – are often financial in nature. Cybercrime has become an essential cog in the survival of Kim’s dictatorship, enabling North Korea to evade international sanctions and fund its weapons programmes.

“This means that any company that offers a financial gain to North Korean threat groups could be a target, particularly in the relatively unregulated cryptocurrency industry. With Lazarus exploiting machine identities time and time again, these organizations must deploy a control plane for machine identity management. This will give them the observability, consistency and reliability needed to reduce the risk of breaches.”
