Elliptic specialists said that the Lazarus hacker group associated with North Korea may be behind the attack on the Horizon cross-chain bridge.
According to analysts, hackers have already sent 41% of the stolen crypto assets to Tornado Cash for money laundering. At the time of preparing the report, the attackers transferred more than 35,000 ETH to the mixer.
Before that, the hackers took the stolen assets to the Uniswap decentralized exchange and converted them into 85,837 ETH. Elliptic noted that this is a fairly common method of laundering stolen funds.
Analysts have identified several reasons indicating that the North Korean Lazarus was behind the hacking.
They noted that assets were transferred to Tornado Cash with a regularity that suggests the involvement of some automated software. Experts observed a similar system during the laundering of funds stolen during the attack on the Ronin sidechain. Presumably Lazarus hackers are also behind it.
The theft was committed by compromising the private keys to the multisig wallet, probably through a social engineering attack on the members of the Harmony team. Such methods were often used by Lazarus Group, Elliptic noted.
In addition, Lazarus Group often targets victims in the Asia-Pacific region, analysts say. Many members of the Harmony core team have ties to this region.
Recall that on June 24, the Harmony blockchain platform reported an attack on the Horizon cross-chain bridge, as a result of which attackers stole assets worth about $ 100 million.
Initially, the Harmony team offered a reward of $ 1 million for the return of stolen funds, later increased it to $ 10 million.
The US authorities have issued a warning about the threats of North Korean hackers aimed at stealing cryptocurrencies.