North Korean Lazarus hackers linked to $100M Harmony bridge theft

Published by
Peter Kavinsky

Researchers have linked Lazarus Group, a notorious North Korean state-backed hacking group, to the theft of $100 million in crypto assets from Harmony’s Horizon Bridge.

Last week, U.S. crypto startup Harmony warned of a “malicious attack” on its Horizon bridge, a cross-chain bridge that allows users to transfer their crypto assets from one blockchain to another. The attacker stole $100 million in crypto assets, including Ethereum (ETH), Binance Coin, Tether, USD Coin and Dai.

London-based blockchain analysis provider Elliptic, which has published an analysis of the attack, writes that the hackers converted the stolen assets to 85,837 ETH following the hack through Tornado Cash, a mixer commonly used to launder illegally-obtained crypto. So far, the attacker has sent 35,000 ETH — worth $39 million, or about 41% of the total funds stolen — to Tornado Cash.

Chainalysis, another blockchain security firm that’s working with Harmony to investigate the hack, backed up Elliptic’s findings.

Elliptic linked the attack to Lazarus Group, saying the “hack and the subsequent laundering of the stolen crypto assets” is consistent with the activities of the North Korean hackers. It notes that while no single factor proves the involvement of Lazarus in the Horizon Bridge attack, the group has “perpetrated several large cryptocurrency thefts totaling over $2 billion, and has recently turned its attention to DeFi [decentralized finance] services such as cross-chain bridges.”

In April, the U.S. Treasury Department linked the North Korea-backed hacking group to the theft of $625 million in cryptocurrency from the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity.

Elliptic notes that the attack was carried out by compromising the cryptographic keys of a multi-signature wallet, a technique commonly used by Lazarus Group, adding that the programming laundering of funds it observed following the Horizon Bridge hack was “very similar” to that seen following the Ronin Bridge attack.

“Lazarus Group tends to focus on APAC-based targets, perhaps for language reasons,” Elliptic added, referring to the Asia-Pacific region. “Although Harmony is based in the US, many of the core team have links to the APAC region.”

In a series of tweets on Thursday, Harmony said that it has begun a “global manhunt” for the criminal(s) responsible for the $100 million theft. “All exchanges have been notified. Law enforcement, Chainalysis, and AnChainAI have active investigations to identify the responsible actors and recover the stolen assets,” it said. “We are providing one FINAL opportunity for the actor(s) to return stolen assets with anonymity.”

The company also offered the attacker a final ultimatum, pledging to drop its investigation if the funds were returned minus a $10 million bounty. Harmony is also offering $10 million for information leading to the safe return of the funds.

Source: TechCrunch

Peter Kavinsky

Peter Kavinsky is the Executive Editor at

Published by
Peter Kavinsky

Recent Posts

  • News

The number of victims of the explosion in Yerevan has increased

According to preliminary data, the incident took place on the territory of a fireworks store,…

2 mins ago
  • News

More than 7 million compensations to victims of terrorist attacks in Catalonia | Politics

A total of 130 victims of the August 17, 2017 attacks in Catalonia will receive…

3 mins ago
  • News

Chelsea want to sign Everton winger Anthony Gordon

Chelsea have moved to rivals Newcastle to sign Everton winger Anthony Gordon, according to PA…

4 mins ago
  • News

GALATASARAY TRANSFER NEWS – Sevilla insists on Nelsson! New offer appeared

15 MILLION EURO PROPOSEDSeville and offered 15 million Euros; however, he offered to pay this…

6 mins ago
  • News

IT WAS EARTHQUAKE! Last minute 15 August earthquake news: Earthquake in Aegean (Kuşadası Bay) and Marmara

Kandilli and AFAD's latest earthquakes list is among the most curious and researched on Monday,…

7 mins ago
  • News

Buford Football Live Georgia (GA) State Varsity Boys Football

Click Here to Watch this High School Football Live Online for Free! Buford Football Live…

11 mins ago