Key Takeaways
- Concord is providing a $10 million bounty to the attacker behind final week’s $100 million Horizon Bridge hack.
- In accordance with Elliptic, Lazarus Group could also be chargeable for the theft.
- The blockchain analytics agency stated that the way in which the theft was carried out was “in line with actions of the Lazarus Group.”
Share this text
Elliptic has stated that there are “sturdy indications” that North Korea’s Lazarus Group is chargeable for final week’s $100 million assault on Concord’s cross-chain bridge.
Concord Gives $10M Bounty
Concord says it has begun a “international manhunt” to seek out the perpetrator behind the Jun. 24 assault that noticed $100 million value of digital belongings disappear from its cross-chain bridge, Horizon.
1/ Concord has begun a world manhunt for the prison(s) who stole $100M from the Horizon bridge. All exchanges have been notified. Legislation enforcement, @Chainalysis, and @AnChainAI have lively investigations to establish the accountable actors and recuperate the stolen belongings.
— Concord 💙 (@harmonyprotocol) June 30, 2022
The crew behind the Layer 1 blockchain posted an update on the incident on Twitter early Thursday, saying that it had contacted legislation enforcement, Chainalysis, and AnChain.AI to assist establish the attacker.
It additionally supplied the attacker a last ultimatum, pledging to drop its investigation if the funds have been returned minus a $10 million bounty (Concord initially supplied $1 million for the return of the funds). “Retain $10M and return the remaining stolen quantity. In change, Concord will stop its investigation,” a tweet learn. Concord can be providing $10 million for info resulting in the secure return of the funds.
The replace additionally gave the attacker a deadline of 00:00 UTC on Jul. 5 to provoke communication.
Elliptic Blames Lazarus Group for $100M Assault
Whereas the investigation is ongoing with no assailant confirmed, the blockchain analytics agency Elliptic has claimed that Lazarus Group could also be chargeable for the theft.
In a Wednesday weblog submit, the agency stated that there are “sturdy indications” that the North Korean state-sponsored hacking group was behind the assault.
The submit famous how the attacker has to date laundered round $39 million of the loot by means of the Ethereum mixer Twister Money in a bid to cover their on-chain transaction historical past. Elliptic stated that it had used demixing strategies to hint the funds to various new wallets, noting that Lazarus could also be accountable “based mostly on the character of the hack and the next laundering of the stolen funds.”
It added that the character of the theft and cash laundering was “in line with actions of the Lazarus Group” and pointed to the $550 million hack on Axie Infinity’s Ronin Bridge. The U.S. Treasury Division and others blamed Lazarus for the Ronin assault within the fallout from the incident.
The submit additional added that the Concord bridge theft was executed by compromising a multi-signature pockets, seemingly by means of social engineering—a apply Lazarus has engaged in on a number of events prior to now. It additionally identified that the funds had been laundered with common small deposits in a attainable automated course of, just like how the $550 million stolen from Ronin was laundered following the assault. Furthermore, these chargeable for the assault operated on Asia-Pacific hours, Elliptic stated.
Disclosure: On the time of writing, the writer of this piece owned ETH and several other different cryptocurrencies.
