The crypto market is volatile and sensitive. Even in the past several exchanges have fallen victim to such hacks. A very recent example includes the one by Lazarus Group which moved more than $60 Million ETH from Harmony Bridge.
Jump Ahead To:
What is the Lazarus Group?
The Lazarus Group is a hacking group attributed to several high-profile cyber attacks. It is believed to be based in North Korea and is thought to be working on behalf of the North Korean government.
The group is known for its sophisticated and well-coordinated attacks, which have targeted financial institutions, government agencies, and other high-profile organizations. The Lazarus Group is also known to have been involved in several cyber heists, particularly in the cryptocurrency space.
In 2019, the group was found to have been behind a series of cyber attacks on cryptocurrency exchanges and wallets. The group is known to have stolen over $571 million worth of cryptocurrencies from various exchanges.
It is important to note that attribution of cyber attacks can be difficult and the Lazarus Group is not always recognized by all the cyber security agencies.
What is Harmony Bridge?
Harmony is a blockchain protocol that is designed to improve the scalability of smart contract platforms like Ethereum. Harmony Bridge is a cross-chain solution developed by the Harmony team that enables the transfer of assets between different blockchain networks.
The Harmony Bridge consists of a set of smart contracts and a set of relayers that are responsible for facilitating cross-chain transfers. The relayers monitor the different blockchains and ensure that the transfers are valid and authorized. They also ensure that the assets are adequately locked on the source blockchain and unlocked on the destination blockchain.
What was the Harmony hack?
On January 16th, 2023 a famous on-chain sleuth ZachXBT took to Twitter and informed us about the details of the Eheterum movement. He notified that round $63.5 Million which is 41000 ETH was in fact moved from the Harmony bridge hack. This was performed “through Railgun before consolidating funds and depositing on three different exchanges.” The hack had apparently taken place sometime between January 13 to January 14 2023.
After this CZ, the CEO of Binance, one of the largest cryptocurrency exchanges in the world also tweeted the developments in this circumstance. They had apparently detected Harmony One hacker fund movement and informed how they had earlier tried to launder through Binance.
We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi #SAFU!
— CZ Binance (@cz_binance) January 16, 2023
When this happened, the exchange had frozen their accounts, and so this time they used Huobi. The Binance team came through to assist Huobi and has frozen their accounts. Both the exchanges through their collaborative efforts have managed to allegedly recover 124 BTC.
The Lazarus Group has previously also been associated with many crypto thefts with an estimated total of $2 billion. There were strong suspicions that they were also involved in the $600 million Ronin Bridge attack. On the other hand, Harmony Bridge was hacked even in June of 2022 for around $100 million.
These hacks occur due to various reasons, including weak security measures, lack of proper risk management practices, and human error. In some cases, hackers have exploited vulnerabilities in the exchange’s software or have gained access to the exchange’s systems through phishing scams or by stealing login credentials.
To prevent such hacks, it is important for crypto exchanges to implement robust security measures, such as using multi-factor authentication, cold storage for digital assets, and regular security audits. Additionally, it is also important for users to take steps to protect their own assets, such as by using hardware wallets and avoiding sharing personal information and login credentials.