Cryptocurrency theft from Harmony hack allegedly leads to N.Korea

A recent attack on the Horizon bridge resulted in the theft of over $100 million in cryptocurrency assets. Ethereum (ETH), Tether (USDT), Wrapped Bitcoin (WBTC), and BNB were among the stolen coins.

Elliptic, a well-known blockchain analysis company, has tracked the flow of funds to give a thorough picture of how the money was moved.

The $100 million in cryptocurrencies was taken from Horizon Bridge on June 24. The Horizon Bridge service lets assets be transferred between the Harmony blockchain and other blockchains.

The thief quickly used the decentralised exchange (DEX) Uniswap to convert a sizable amount of these assets into 85,837 Ethereum tokens (ETH). This is a common laundering step, used to avoid having stolen assets seized.

On June 27, the attacker began transferring Ethereum into Tornado Cash, a mixer typically used to conceal illicit proceeds. Over 35,000 Ethereum worth $39 million have already been deposited into Tornado Cash.

Source: Elliptic

By transferring the crypto through Tornado, the hacker tried to erase the transaction trail connecting the crypto to the initial theft. Breaking that trail makes it easier to cash out through an exchange.

However, using its Tornado demixing capabilities, Elliptic was able to track the stolen cryptocurrency through Tornado Cash to a number of new Ethereum wallets. This suggests that exchanges and other cryptocurrency businesses can use Elliptic’s transaction screening software to identify incoming funds that originate from the Horizon Bridge hack, even though they passed through the Tornado Cash mixer.

Lazarus group involved in the cryptocurrency theft?

Elliptic’s analysis suggests that the Lazarus group might have been responsible for the attack. Although no single factor points specifically to Lazarus, several indicators in combination do.

The Lazarus Group has stolen over $2 billion worth of cryptocurrency across various operations. Recently, it has begun concentrating on DeFi services such as cross-chain bridges. For instance, the group is believed to have planned the $540 million Ronin Bridge attack.

The Lazarus group also favours the Asia-Pacific region. Although Harmony is headquartered in the US, a large portion of its core workforce is from the Asia-Pacific region.

Furthermore, the regularity of the cryptocurrency deposits into Tornado over extended periods indicates the use of an automated approach. This approach is comparable to that employed in the Ronin hack. The brief periods during which funds stop being moved out of Tornado Cash are also consistent with Asia-Pacific night-time hours.
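The timing reasoning above can be sketched as a small analysis over transaction timestamps. This is an added example, not Elliptic's method or code: the timestamps are constructed, and the UTC+9 offset, the pause factor and the 0.1 regularity threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

def build_sample(days=3, step_min=10):
    """Constructed data: one mixer transaction every step_min minutes (UTC),
    with no activity between 14:00 and 22:00 UTC each day."""
    start = datetime(2022, 6, 27, tzinfo=timezone.utc)
    times, t = [], start
    while t < start + timedelta(days=days):
        if not (14 <= t.hour < 22):
            times.append(t)
        t += timedelta(minutes=step_min)
    return times

def analyze(times, pause_factor=6, local_offset_hours=9, cv_threshold=0.1):
    """Measure how regular the activity is and when it stops.

    pause_factor, local_offset_hours and cv_threshold are assumed values.
    """
    times = sorted(times)
    pairs = list(zip(times, times[1:]))
    gaps = [(b - a).total_seconds() for a, b in pairs]
    median_gap = sorted(gaps)[len(gaps) // 2]

    # Gaps far longer than the typical gap are pauses, not part of the cadence.
    cutoff = pause_factor * median_gap
    active = [g for g in gaps if g <= cutoff]
    pauses = [(a, b) for a, b in pairs if (b - a).total_seconds() > cutoff]

    # Coefficient of variation: near 0 means machine-like, evenly spaced activity.
    cv = pstdev(active) / mean(active)

    # Express each pause in the candidate operator time zone.
    local = timezone(timedelta(hours=local_offset_hours))
    pauses_local = [(a.astimezone(local).strftime("%H:%M"),
                     b.astimezone(local).strftime("%H:%M")) for a, b in pauses]
    return {
        "median_gap_s": median_gap,
        "cv": cv,
        "looks_automated": cv < cv_threshold,
        "pauses_local": pauses_local,
    }

if __name__ == "__main__":
    for key, value in analyze(build_sample()).items():
        print(key, value)
```

On the constructed data the activity is perfectly evenly spaced and every pause falls overnight in the assumed time zone; real chain data would be noisier, so the thresholds need tuning against known-manual activity.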

This evidence suggests that the Lazarus group was responsible for the attack. Furthermore, following the recent crypto crash, North Korea’s holdings have dramatically decreased. That the sanctioned country needs more money for its weapons projects makes logical sense.