Digital Asset Certification can dissuade Lazarus Group from targeting the crypto industry
Cryptocurrency thefts and hacks have plagued the industry for many years. Even major hacking collectives, like North Korea’s Lazarus Group, get in on the action. Ensuring all digital assets are certified and authenticated would help put an end to this level of criminal activity.
Lazarus Group was involved in the Harmony hack
Findings by the FBI confirm the involvement of Lazarus Group – and APT38 – in the Harmony Bridge Hack. For those unfamiliar with the story, culprits attacked the blockchain bridge project and stole roughly $100 million. It quickly became clear the heist was the work of a well-trained hacker or group of hackers. However, the funds were never fully recovered, and the culprits remain at large to this day.
Even so, the FBI has conducted a thorough analysis of the incident. Their findings confirm DPRK-associated hackers were involved in the incident. Both APT39 and Lazarus Group are held responsible for the $100 million incident. In addition, 60% of the funds have been on the move since early January 2023. The thieves started moving funds through RAILGUN, a privacy protocol running on the Ethereum blockchain. Using such a protocol would help remove the funds’ origin and eliminate any “taint”.
The findings aren’t a complete surprise, although they do confirm what most people expected. In addition, Binance confirmed the Harmony Bridge hackers tried to launder funds through the Huobi exchange. Those attempts were futile, and funds have been frozen – and later recovered. However, most of the stolen money is still out there. Recovering the full amount seems virtually impossible, although one never knows what happens next. Laundering vast sums of crypto is trickier than some may think.
It is not the first time Lazarus Group is involved in cryptocurrency-related hacks either. The group is also held partially responsible for the $600 million Ronin Bridge hack in March 2022. In addition, there have been plenty of rumors regarding the group’s involvement in ransomware attacks. North Korea is a country where the government can sponsor top-tier hackers. Assuming they will continue to target crypto projects and companies is plausible.
Digital asset certification is an option
While it is possible to “flag” stolen funds, that can only be done after the incident occurred. As such, there is a window for hackers to steal money and convert it – through mixers or otherwise – to less traceable assets. Privacy-focused cryptocurrencies like Monero remove any trace of transaction origin, recipient, or amount. That makes life a lot more difficult for agencies like the FBI.
One potential solution to the problem is certifying digital assets when they are issued. Projects like Wakweli make it easy for asset issuers to certify on-chain and off-chain assets through unique markers. As such, an asset cannot be represented by multiple tokens across different blockchains. Plus, the assets would have a dedicated tick mark, ensuring the legitimacy of assets. That will, in turn, instill more trust among enthusiasts and investors.
When assets are certified and authenticated since their issuance, they become less appealing to hackers and others criminals. Moreover, it is a very straightforward and accessible process that doesn’t involve notaries. The decentralized industry needs more market integrity and trust before mass adoption can occur. Hacking incidents set the entire industry back several paces, yet digital asset certification can have an adverse effect.