$100 million Harmony bridge theft associated with North Korean Lazarus hackers: Check the latest updates!
Researchers have traced the heist of $100 million in cryptocurrency assets from Harmony’s Horizon Bridge to Lazarus Group, a known hacker group supported by the North Korean government.
A “malicious attack” on Harmony’s Horizon Bridge, a cross-chain bridge that enables users to move their digital currencies from one blockchain to another, was forecasted by the American cryptocurrency startup last week. The attacker took Ethereum (ETH), Binance Coin, Tether, USD Coin, and Dai, totaling $100 million in digital assets.
Using Tornado Cash, a mixer often used to trade corruptly acquired cryptocurrency, the hackers turned the stolen assets into 85,837 ETH, according to a report on the assault from London-based blockchain analysis company Elliptic. The attacker has so far transferred 35,000 ETH to Tornado Cash, totaling $39 million, or 41% of the total assets stolen.
Elliptic’s observations were supported by Chainalysis, another blockchain security company that is collaborating with Harmony to look into the incident.
Elliptic associated the theft to Lazarus Group, claiming that the “hack and the subsequent laundering of the stolen crypto assets” are consistent with the actions of North Korean hackers. Although there is no single evidence linking Lazarus to the Horizon Bridge attack, the group has “conducted several significant cryptocurrency thefts totaling over $2 billion, and has recently turned its attention to DeFi [decentralized finance] services such as cross-chain bridges,” according to the report.
The U.S. Treasury Department associated the $625 million in crypto theft from the Ronin Network, an Ethereum-based sidechain built for the well-known play-to-earn game Axie Infinity, in April to a hacking gang supported by North Korea.
Elliptic adds that the programming it found after the Horizon Bridge breach was “quite similar” to that seen after the Ronin Bridge attack, noting that the attack was carried out using a technique frequently employed by Lazarus Group to compromise the cryptographic keys of a multi-signature wallet.
“Lazarus Group tends to focus on APAC-based targets, perhaps for language reasons,” Elliptic added, referring to the Asia-Pacific region. “Although Harmony is based in the US, many of the core team have links to the APAC region.”
Harmony said in a sequence of tweets on Thursday that it has launched a “global manhunt” for the criminal(s) behind the $100 million heist. “All exchanges have been notified. Law enforcement, Chainalysis, and AnChainAI have active investigations to identify the responsible actors and recover the stolen assets,” it said. “We are providing one FINAL opportunity for the actor(s) to return stolen assets with anonymity.”
A final demand was made by the company to the offender, stating that it would end its inquiry if the money was returned less a $10 million reward. Additionally, Harmony is offering a $10 million reward for information that results in the money’s safe return.
