Harmony Horizon Exploit Linked to North Korea, $10M Bounty Offered

The blockchain's develops now have a "global manhunt" to track down the attackers.

AccessTimeIconJun 30, 2022 at 10:15 a.m. UTC
Updated Jun 30, 2022 at 2:37 p.m. UTC

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

Harmony developers said Thursday they had started a “global manhunt” to catch the culprits behind last week’s $100 million exploit of its Horizon bridge, according to a Thursday update.

The exploited "Horizon" bridge allowed users to exchange assets such as tokens, stablecoins and non-fungible tokens (NFTs), among the Ethereum, Binance Smart Chain and Harmony blockchains.

A bounty offered to individuals who could provide information about the attacker to Harmony was increased to $10 million from the previous $1 million. The ETH address to return the funds is 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.

Harmony team has also offered “one final opportunity” for the attackers to return the assets with anonymity: “The final term is they retain $10 million and return the remaining amount, in addition to the team ceasing the investigation.”

Meanwhile, security firm Elliptic linked the attack to North Korean hacker group Lazarus in a release Wednesday.

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft,” Elliptic researchers said. “Based on the nature of the hack and the subsequent laundering of the stolen funds.”

Elliptic noted that the movement of stolen funds occurred mostly during Asia-Pacific nighttime hours and that the attack used techniques that were “frequently used” by the Lazarus Group.

Lazarus is believed to have stolen over $2 billion in crypto assets from exchanges and decentralized finance (DeFi) platforms, Elliptic said. It added that the Horizon Bridge hacker has so far sent 41% of the $100 million in stolen crypto assets into the Tornado Cash mixer.

Earlier this week, the attackers transferred over 36,000 ether, worth $44 million at the time, to Tornado Cash over several transactions, as reported.

The attacker’s main wallet – tagged as “Horizon Bridge Exploiter” on blockchain tracing service Etherscan – continues to hold over 33,000 stolen ethers, blockchain data shows.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.