Key Takeaways
- Concord is providing a $10 million bounty to the attacker behind final week’s $100 million Horizon Bridge hack.
- Based on Elliptic, Lazarus Group could also be liable for the theft.
- The blockchain analytics agency mentioned that the way in which the theft was carried out was “in keeping with actions of the Lazarus Group.”
Share this text
Elliptic has mentioned that there are “sturdy indications” that North Korea’s Lazarus Group is liable for the assault.
Concord Gives $10M Bounty
Concord says it has begun a “international manhunt” to search out the perpetrator behind the Jun. 24 assault that noticed $100 million value of digital property disappear from its cross-chain bridge, Horizon.
1/ Concord has begun a world manhunt for the felony(s) who stole $100M from the Horizon bridge. All exchanges have been notified. Regulation enforcement, @Chainalysis, and @AnChainAI have energetic investigations to establish the accountable actors and get well the stolen property.
— Concord ? (@harmonyprotocol) June 30, 2022
The group behind the Layer 1 blockchain posted an update on the incident on Twitter early Thursday, saying that it had contacted legislation enforcement, Chainalysis, and AnChain.AI to assist establish the attacker.
It additionally provided the attacker a remaining ultimatum, pledging to drop its investigation if the funds had been returned minus a $10 million bounty (Concord initially provided $1 million for the return of the funds). “Retain $10M and return the remaining stolen quantity. In change, Concord will stop its investigation,” a tweet learn. Concord can be providing $10 million for data resulting in the secure return of the funds.
The replace additionally gave the attacker a deadline of 00:00 UTC on Jul. 5 to provoke communication.
Elliptic Blames Lazarus Group for $100M Assault
Whereas the investigation is ongoing with no assailant confirmed, the blockchain analytics agency Elliptic has claimed that Lazarus Group could also be liable for the theft.
In a Wednesday blog post, the agency mentioned that there are “sturdy indications” that the North Korean state-sponsored hacking group was behind the assault.
The submit famous how the attacker has to this point laundered round $39 million of the loot via the Ethereum mixer Twister Money in a bid to cover their on-chain transaction historical past. Elliptic mentioned that it had used demixing methods to hint the funds to various new wallets, noting that Lazarus could also be accountable “based mostly on the character of the hack and the following laundering of the stolen funds.”
It added that the character of the theft and cash laundering was “in keeping with actions of the Lazarus Group” and pointed to the $550 million hack on Axie Infinity’s Ronin Bridge. The U.S. Treasury Division and others blamed Lazarus for the Ronin assault within the fallout from the incident.
The submit additional added that the Concord bridge theft was executed by compromising a multi-signature pockets, doubtless via social engineering—a apply Lazarus has engaged in on a number of events prior to now. It additionally identified that the funds had been laundered with common small deposits in a attainable automated course of, just like how the $550 million stolen from Ronin was laundered following the assault. Furthermore, these liable for the assault operated on Asia-Pacific hours, Elliptic mentioned.
Disclosure: On the time of writing, the creator of this piece owned ETH and several other different cryptocurrencies.
