North Korean Attackers Behind $100M Concord Hack: Report
After hackers stole $100 million worth of cryptocurrency from Concord Protocol on Friday, the team behind the layer 1 blockchain announced it would offer a $1 million reward to anyone with information about the hacker.
As of this afternoon, a lead suspect has emerged.
According to a report released today by blockchain analytics firm Elliptic, the manner in which the funds were stolen and subsequently laundered points to the involvement of The Lazarus Group, a notorious North Korea-affiliated cybercriminal group.
In April, the U.S. authorities concluded that Lazarus, a “state-sponsored hacking group” according to the FBI, was behind the $622 million hack of a cross-chain bridge used by the play-to-earn game Axie Infinity. Cross-chain bridges connect blockchains and are often used to link sidechains (like Axie’s Ethereum sidechain Ronin), which can offer speed and lower transaction fees before passing work back to more secure blockchains like the Ethereum mainnet.
Concord’s hack similarly occurred on the Horizon bridge, a cross-chain bridge connecting Concord to Ethereum, Binance Chain, and Bitcoin. Elliptic’s report notes the similarities between the two cross-chain bridge attacks as one indication of Lazarus’ likely involvement.
How the hacker perpetrated the attack, through social engineering, also alludes to earlier Lazarus hacks. The Concord attack also echoes the Axie Infinity hack in that stolen funds were laundered in a pattern implying automated transfers.
“Though no single issue proves the involvement of Lazarus, together they recommend the group’s involvement,” says the report.
Other such factors include the fact that many Concord team members have ties to the Asia Pacific region, and Lazarus tends to go after Asia-based targets, potentially because of the languages used. Further, the only times the hackers have stopped offloading laundered funds are consistent with nighttime hours in the Asia Pacific region.
The funds have so far been laundered through mixing service Twister Money, which allows users to pool significant amounts of cryptocurrencies and swap them for different coins, a process that obfuscates transaction trails and is often used to launder stolen tokens.
Elliptic was able to “demix” the trails of the Concord hackers’ Twister Money transactions in this case, and has traced the stolen funds to a number of new Ethereum wallets.
While exchanges and services could potentially use this information to ensure they don’t accept any of the stolen funds, the information provides no means for Concord to recover them.