History
2023: $64M Cryptocurrency Stolen by Hackers
In mid-January 2023, it was reported that cybercriminals had tried to launder cryptocurrency assets worth approximately $64 million. The security teams of the crypto exchanges Binance and Huobi joined forces to stop the fraudulent activity.
According to blockchain expert ZachXBT, the attackers were monetizing funds stolen in the hack of Harmony's cross-chain bridge. The North Korean cybercriminal group Lazarus Group is assumed to be behind this attack.
According to ZachXBT, the attackers consolidated the digital assets and deposited them on three different crypto exchanges (their names are not specified). A total of 41,000 ETH was distributed (approximately $64.3 million at the exchange rate as of January 17, 2023).
According to Changpeng Zhao, head of the Binance crypto exchange, the cybercriminals had already tried to use that platform to launder the stolen cryptocurrency, but Binance stopped the activity by freezing the attackers' accounts. The hackers then tried to use the Huobi platform. After Binance specialists detected this activity, they contacted the Huobi cybersecurity team. Together, the teams froze the cybercriminals' accounts and recovered 124 BTC (about $2.63 million at the exchange rate as of January 17, 2023).
The hack of Harmony's cross-chain bridge was one of the biggest attacks on cryptocurrency systems in 2022. According to the investigation, members of the Lazarus Group used employee credentials to hack the platform's security system. The hackers then deployed specialized software tools to move the stolen assets.[1]
2022: Asset theft totalling just under $100m
An attacker withdrew Ethereum cryptocurrency assets totaling just under $100 million from the Harmony blockchain. This became known on June 28, 2022.
Harmony's main platform, Horizon Bridge, is a cross-chain bridge that allows cryptocurrencies to be transferred between different blockchains. The attackers used it to withdraw 85837.3 ETH, approximately $99.3 million, to their wallet.
According to CertiK, which analyzed the incident, the attackers were able to access Horizon multi-signature wallets and withdraw funds.
On June 23, 2022, the bridge between the Harmony blockchain and Ethereum underwent serial operation, CertiK said in a publication. - We were able to identify 12 unauthorized transactions and three wallets belonging to the attacker. As part of these transactions, the attacker intercepted various tokens from the bridge, including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH and FRAX. The transactions were unequal in amount, ranging from $49.2 thousand to $41.2 million. The attacker managed to achieve this by somehow obtaining from the owner of the MultiSigWallet wallet a call to a direct confirmTransaction transaction... for direct output of a large number of tokens from the bridge to Harmony. The attacker focused all these funds on one main address.
Harmony noted that the attackers managed to compromise the private keys. At the same time, the company continues to assert that the keys were stored securely, in doubly encrypted form, and that it was impossible to access them in plaintext from any one machine.
The attacker managed to gain access to and decrypt a number of keys, including those used before signing the unauthorized transaction, and seize assets in the form of BUSD, USDC, ETH and WBTC, Harmony said in a statement. - All these assets were then converted into ETH and at the end of June 2022 remain in the hacker's account on the Ethereum blockchain. At the time of the release of the news, the hacker did not take any measures to anonymize these assets.
The company also said that the incident did not involve a compromise of the smart contract system or a vulnerability in the Horizon platform itself, and that the funds were stolen "on the side of Ethereum."
The company offered a reward of $1 million for the return of the stolen assets and for technical information about the attack, and also promised not to bring criminal charges if the stolen assets are returned.
The fact that the attacker did not try to anonymize the withdrawn funds may indicate the demonstrative nature of this attack, said Mikhail Zaytsev, an information security expert at SEQ. - And, it seems, Harmony also suspects that someone in made an unauthorized "penetration test" to demonstrate the ability to bypass existing blockchain security tools. Hence the promise of a major reward. But so far nothing can be said for certain[2].
Notes