Cryptocurrency

Lazarus attempt to launder additional $27.2M of funds stolen from Harmony bridge hack

Photo of admin admin Send an email January 31, 2023
0 2 minutes read

On-chain analysis It shows that the North Korean hackers involved in hacking Harmony’s Horizon Bridge spent the weekend trying to move some of the illicit funds.

On-chain analysis of how the Lazarus group attempted to launder money on Harmony Bridge (via Twitter user @zachxbt)
On-chain analysis of how the Lazarus group attempted to launder money on Harmony Bridge (via Twitter user @zachxbt)

use railguna smart contract system that launches what is known as “zero-knowledge proofs,” hackers attempted to move illegal funds through six different exchanges, some of which were reported over the weekend.

At least two exchanges, Binance and Huobi, were able to move quickly and freeze at least some of the laundered funds.

CZ responds to evidence linking wallets to Binance
CZ responds to evidence linking wallets to Binance

The move comes more than a week after the FBI. Declared The Lazarus group, which has ties to the Democratic People’s Republic of North Korea (DPRK), was responsible for exploiting Harmony’s Horizon Protocol, which lost more than $100 million in total cryptocurrency in June 2022 attacks.

That and similar attacks have fueled “North Korea using illegal activities, including cybercrime and cryptocurrency theft, to generate income for the regime,” the FBI claims.

Since 2017, $1.2 billion worth of cryptocurrency has been stolen by the group. Associated Press report.

The largest of these was the $624 million hack last April.

Bridge attacks have become increasingly common since decentralized finance (DeFi) became popular.

What are the common types of bridge exploits?

Bridge exploitation in the blockchain world is highly predictable, often due to code bugs or compromised cryptographic keys. Some of the most common bridging exploits include:

  • fake deposit: In this scenario, malicious actors create fake deposit events without actually depositing funds, or use worthless tokens to infiltrate the network. hack January of last year.
  • Validator flaw: The bridge validates the deposit before allowing the transfer.Hackers can exploit flaws in the verification process by creating fake deposits that occur during wormholes hack A digital signature verification flaw was exploited.
  • validator takeover: Here attackers look for vulnerabilities by trying to control the majority validators by taking over a certain number of votes to approve new transfers. The Ronin Network hack is an example where 5 out of 9 validators were compromised.

However, it’s important to note that the most common factor across exploits is human error. Post-hack investigations don’t focus solely on bridge shortcomings, and security fixes can usually be patched, but only after the damage has already been done.

The scale of these exploits is a concern for blockchain developers. Other notable bridge exploits for 2022 and beyond include:

  • February: Wormhole — $375 million
  • March: Ronin Bridge — $624 million
  • August: Nomad Bridge — $190 million
  • September: Wintermute — $160 million

Tags
Photo of admin admin Send an email January 31, 2023
0 2 minutes read
Photo of admin

admin

Related Articles

Venom blockchain hits 1M testnet wallets in two months

July 25, 2023

KuCoin dispels layoff rumors, CEO cites ‘normal’ personnel adjustments

July 25, 2023

FOMC preview: Brace for impact

July 25, 2023

XRP crowned top-traded altcoin of the year: Kaiko

July 25, 2023
Back to top button