Never say die: The Lazarus Group renews attacks on Web3
Contents
Never say die: The Lazarus Group renews attacks on Web3
The hack
On the morning of June 24th, hackers stole $100 million in Ether (ETH), Tether (USDT) Wrapped Bitcoin (WBTC) and BNB from the Horizon bridge. The bridge allowed users to transfer assets between the Horizon blockchain and other blockchains. The stolen cryptocurrency was immediately converted to ETH via Uniswap, a popular decentralized exchange (DEX). Passing stolen crypto through a DEX is a common money laundering strategy since they allow hackers to bypass compliance controls.
Over the next few days, automated transactions sent regular amounts of the stolen ETH to the Tornado Cash mixer. Mixers are another valuable tool for laundering crypto. These services mix funds from different users, obfuscating the origins of assets and making it harder to trace stolen crypto.
The hackers were smart about the attack and took multiple steps to obscure their identity. Still, there were a few clues that …
The hack
On the morning of June 24th, hackers stole $100 million in Ether (ETH), Tether (USDT) Wrapped Bitcoin (WBTC) and BNB from the Horizon bridge. The bridge allowed users to transfer assets between the Horizon blockchain and other blockchains. The stolen cryptocurrency was immediately converted to ETH via Uniswap, a popular decentralized exchange (DEX). Passing stolen crypto through a DEX is a common money laundering strategy since they allow hackers to bypass compliance controls.
Over the next few days, automated transactions sent regular amounts of the stolen ETH to the Tornado Cash mixer. Mixers are another valuable tool for laundering crypto. These services mix funds from different users, obfuscating the origins of assets and making it harder to trace stolen crypto.
The hackers were smart about the attack and took multiple steps to obscure their identity. Still, there were a few clues that …