MistTrack – a crypto tracking and compliance platform – has published updates on its investigation of the Harmony bridge hack that compromised $100 million last June.
They found that the infamous North Korean hacking organization, The Lazarus Group, is likely behind the theft.
The Movement of Funds
In a Twitter thread on Monday, MistTrack said Lazarus passed the stolen funds through multiple exchanges and blockchains while attempting to cover their on-chain tracks.
Nevertheless, the platform discovered that many funds were transferred to exchanges including Huobi, Binance, and OKX. Those funds were then “quickly converted to BTC” before being withdrawn from the exchanges.
Next, the BTC underwent “several multi-layer transfers,” before some of the funds were returned to exchanges. Meanwhile, others were bridged to Avalanche through multiple cross-chain exchanges for USDT and USDD – stablecoins pegged to the U.S. dollar.
Other funds were transferred to Ethereum, and then eventually to Tron, where the recipient addresses were related to a “USDT mixed network.”
Blockchain Bridges
A bridge allows users to transfer assets that are otherwise native to one blockchain (e.g., BTC for Bitcoin; ETH for Ethereum) over to other chains. This is usually accomplished by having users lock their tokens at a special address on the source blockchain, while tokenized equivalents are minted in equal measure on the other chain.
Unfortunately, bridges have become popular targets for hackers and have been the scene of some of the most catastrophic crimes in DeFi history. One such theft was the Harmony bridge hack itself, which saw $100 million worth of ETH stolen in June.
Months prior, an independent researcher named “Ape Dev” on Twitter warned that Harmony could lose all of its funds, potentially up to $330 million, if just two of the four private keys controlling the bridge’s wallet were compromised.
Other terrific hacks last year included the $600 million+ Ronin bridge hack, which drained the entire Axie Infinity treasury. In this instance, 5 of 9 keys controlling the bridge were compromised, allowing for over 170,000 ETH and 25 million USDC to be taken.
These funds were also stolen by the Lazarus Group, from whom just 5% of the funds have been recovered since.
Circle CEO Jeremy Allaire recently tweeted about an upcoming blockchain bridge for USDC. Unlike other bridges, this one will not contain a large honeypot targetable by hackers.