FBI: North Korea Behind $100M Crypto Theft

Facts

  • The FBI on Monday said that North Korean (DPRK) hacking groups Lazarus Group and APT38 stole $100M worth of digital assets from the California-based crypto firm Harmony last June.
  • The hackers reportedly stole ether (ETH), tether (USDT), and wrapped bitcoin (wBTC) from the firm's Horizon Bridge – a service enabling crypto assets to be traded between the Harmony blockchain and other blockchains.
  • According to the FBI, the digital coins were then laundered via the privacy protocol RAILGUN, but a portion of the funds was frozen and recovered by exchanges when the hackers tried to swap them for Bitcoin. Unrecovered funds were sent to 11 Ethereum addresses.
  • The hackers deposited the funds into multiple exchanges, including Binance — the first to notice the activity and freeze the Lazarus accounts — and the Huobi exchange. In conjunction, they reportedly blocked 124 stolen Bitcoin from going to the DPRK, worth an estimated $2.6M.
  • The Lazarus group is a hacking syndicate that has reportedly been involved in several high-value exploits, including the $600M Ronin Bridge hack last March, prompting the US Treasury Dept. in April to add Lazarus to its Specially Designated Nationals and Blocked Persons list.
  • The FBI said it and its partners would continue to disrupt North Korea’s alleged theft and money laundering of virtual currency, aiming to prevent them from funding their missile and nuclear weapons programs. Meanwhile, the DPRK has denied carrying out cyberattacks, labeling the accusations 'ill-hearted rumors.'

Sources: Al Jazeera, Business Insider, Finance, Techmonitor, Bitcoininsider and Al Jazeera.

Narratives

  • Narrative A, as provided by RFA. It's not unusual for North Korean state-backed hacking groups to perpetrate highly lucrative cyber hacks. For a country that's subject to heavy sanctions, stealing cryptocurrency is an easy way to get much-needed funds. However, government regulators have successfully employed diplomatic, information, and military tools to counter such crimes and have proven themselves prepared to prevent all sorts of cyber attacks.
  • Narrative B, as provided by New Yorker. North Korea's cybercrime program is multifaceted. It targets banks, cryptocurrency exchanges, and individual users, with methods including bank heists and ransomware attacks. The true extent of its success is difficult to quantify, but a 2019 UN report estimated that the country had raised as much as $2B through cybercrime, bringing into question the effectiveness of US sanctions. It's time for a different approach.
  • Establishment-critical narrative, as provided by KCNA Watch. These baseless accusations are hypocritical coming from the US, one of the world's main ringleaders of cyber attacks. The sole goal is to smear North Korea and justify the sanctions and pressure campaign waged against it.