The recent $100 million cryptocurrency theft is believed to have originated from Harmony, an American blockchain company that created the Horizon Bridge key (a service that connects two blockchains and allows users to exchange cryptocurrencies between different blockchains for transmission), sponsored by a state-owned company. from North Korea’s Lazar Group.
While no single element can conclusively pinpoint Lazarus as the culprit, together they suggest the group’s involvement. First, the cryptographic keys to the Harmony multi-signature wallet, where the cryptography is physically stored, were obtained by hackers, most likely through social engineering attacks against members of the company’s projects. Such methods were widely used by the Lazarus group in previous operations. Most of Harmony’s permanent staff have links to the Asia-Pacific region, where the Lazarus group is also a frequent target.
In addition, the automatic use of the Tornado Cash Mixer can also be interpreted as a sign of company involvement. Tornado Cash is a widely used mixer for diverting unauthorized cryptocurrency funds to obfuscate and obscure the flow of transactions by encrypting digital money from thousands of addresses.
The group likely deposited cryptocurrency into Tornado Cash via an automated process in the recent Ronin Bridge heist and several other attacks. Finally, a key factor suggesting the involvement of the North Korean group is the recent shift towards a focus on attacking decentralized financial networks such as blockchain bridges.
The General Intelligence Bureau, North Korea’s top intelligence organization, “runs” the Lazarus group. Major attacks such as the Sony Pictures hack in 2014 and the WannaCry ransomware attack in 2017 have been linked to the hacking organization. State-sponsored cryptocurrency theft has been cited as a key component of North Korea’s illicit funding scheme for its nuclear and missile programs.
Hackers linked to North Korea stole nearly $400 million in digital assets last year, according to a report by blockchain analytics platform Chainanalysis released in February. According to the company’s estimates in its annual crypto crime ranking, illicit income accounts for the largest share of North Korea’s GDP in 2021, at 10%.
There is often an uncomfortable tendency to view these attacks as something that happened in isolation on a remote part of the internet, when in reality they have a huge impact on thousands of people. Digital assets are ingrained in our lives — cryptocurrencies are now used by a much wider demographic (13% of Americans traded crypto in 2020), large corporations are now accepting them as a means of payment (like Tesla), and countries have integrated cryptocurrencies into their digital platforms. in their economy.
El Salvador is famous for being the first country to adopt Bitcoin as its official currency in 2021, but many countries are already trying to join the party. The UK, for example, recently announced its intention to become a “global hub” for the crypto industry, even offering NFT backed by the Royal Mint. President Biden’s executive order on digital assets, issued in March, also recognized the growing role of cryptocurrencies in the US economy.
The risk of an industry being so unregulated that crime can fund a rogue regime makes the entire industry look bad. Attacks do happen, of course, and legacy financial institutions are no exception, but regulations keep digital financial institutions to an adequate standard that mitigates losses like bank robberies or legacy financial fraud.
Failure to comply with this standard will result in consequences imposed by the regulator. In other words, it creates a standard to protect customers. For example, ensuring crypto exchanges have adequate liquidity and planning an emergency fund or insurance to ensure customers are guaranteed a minimum recovery rate.
But a caveat: the idea here is not over-regulation. The ideal way is moderate legislative proposals to increase investment and protect consumers and investors. Regulations must not change the nature of blockchains, cryptocurrencies or DeFi – which are alternative avenues for traditional financial institutions and therefore must maintain other characteristics, including some degree of volatility and risk. Regulations should only make them safer for their users.