
Elliptic’s probe links $100M Horizon bridge exploit to North Korean hackers

Horizon Bridge, a cross-chain bridge linking the Harmony blockchain to other blockchains, lost $100 million to hackers on June 24. Digital currency security firm Elliptic has stated that there are strong indications the hack is the work of the North Korean hacking group known as the Lazarus Group.

According to a report Elliptic published, the methods used by the hackers in carrying out the hack and laundering the funds are reminiscent of other incidents that have been linked to the Pyongyang-sponsored group.

For one, the hack occurred on a cross-chain bridge and was perpetrated by compromising the cryptographic keys of a multi-signature wallet through a social engineering attack on members of the Harmony team.

The Lazarus Group is known to focus its attacks on blockchain projects in the Asia Pacific (APAC) region “perhaps for language reasons.” Elliptic says that while Harmony is U.S. based, many of its team members have links to the APAC region.

Similarly, the method the hackers adopted to launder the stolen funds through Tornado Cash, a mixing tool, also points to the group. Deposits of the funds into Tornado Cash have followed a regular pattern that indicates they are being made by an automated tool. The tool also tends to pause during nighttime hours in the APAC region.

“Although no single factor proves the involvement of Lazarus, in combination they suggest the group’s involvement,” Elliptic said.
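The deposit-timing signal described above (regular intervals, with pauses during APAC nighttime) can be measured with a short script. This is an added example, not Elliptic's tooling or code from its report; the deposit timestamps are constructed, and the UTC+9 offset and pause threshold are assumptions an analyst would choose.

```python
from datetime import datetime, timedelta, timezone
from statistics import mean, median, pstdev

def sample_deposits(days=3):
    """Constructed data: one deposit about every 10 min, 08:00-21:50 at UTC+9."""
    start = datetime(2022, 6, 26, 23, 0, tzinfo=timezone.utc)  # 08:00 at UTC+9
    jitter = [0, 7, -5, 3, -2]  # seconds, fixed so the result is reproducible
    return [start + timedelta(days=d, minutes=10 * i, seconds=jitter[i % 5])
            for d in range(days) for i in range(84)]

def timing_profile(deposits, utc_offset_hours, pause_factor=6.0):
    """Summarise deposit cadence and idle hours in a candidate time zone.

    utc_offset_hours and pause_factor are analyst-chosen assumptions.
    """
    ts = sorted(deposits)
    if len(ts) < 3:
        raise ValueError("need at least three deposits to measure cadence")
    tz = timezone(timedelta(hours=utc_offset_hours))
    pairs = list(zip(ts, ts[1:]))
    gaps = [(b - a).total_seconds() for a, b in pairs]
    typical = median(gaps)
    # Gaps far above the typical interval are pauses, not part of the cadence.
    active = [g for g in gaps if g <= pause_factor * typical]
    pauses = [(a.astimezone(tz).strftime("%H:%M"), b.astimezone(tz).strftime("%H:%M"))
              for (a, b), g in zip(pairs, gaps) if g > pause_factor * typical]
    busy = {t.astimezone(tz).hour for t in ts}
    return {
        "typical_gap_s": typical,
        # Coefficient of variation: near 0 means machine-like regularity.
        "gap_cv": pstdev(active) / mean(active),
        "pauses_local": pauses,
        "quiet_hours_local": sorted(set(range(24)) - busy),
    }

if __name__ == "__main__":
    for key, value in timing_profile(sample_deposits(), utc_offset_hours=9).items():
        print(key, value)
```

A low `gap_cv` together with pauses that line up with local night in the candidate offset is the combination the report describes; as the article notes, it is one factor among several, not proof on its own.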

Elliptic has traced the trail of the hackers’ Tornado Cash deposits using its Tornado demixing capability. So far, it has found that about $39 million (35,000 ETH) has been laundered by the hackers. However, Harmony is still not close to recovering its funds.

The growing notoriety of North Korean hackers

The North Korean Lazarus Group has also been found to be behind the industry-shaking $620 million Axie Infinity Ronin Bridge hack that occurred in March, according to the U.S. Treasury Department. Elliptic notes that the group may have earned as much as $2 billion from hacks over the years.

The group is not the only North Korean state-sponsored perpetrator of cyber crimes. According to a report by Reuters, several hacking consortiums are being sponsored by the rogue government, which uses the proceeds to fund its nuclear program.

In a recent notice, three U.S. departments (Justice, State, and the Treasury) warned tech and digital asset companies to be watchful, as North Korean hackers were targeting them by applying for IT roles.
