
Harmony Horizon Exploit Linked to North Korea, $10M Bounty Offered

The blockchain's developers now have a "global manhunt" to track down the attackers.

Updated May 11, 2023, 6:42 p.m. Published Jun 30, 2022, 10:15 a.m.
(boonchai wedmakawand/Getty Images)

Harmony developers said they had started a “global manhunt” to catch the culprits behind last week’s $100 million exploit of the Horizon bridge, according to a Thursday update.

The exploited "Horizon" bridge allowed users to exchange assets such as tokens, stablecoins and non-fungible tokens (NFTs) among the Ethereum, Binance Smart Chain and Harmony blockchains.

A bounty offered to individuals who could provide information about the attacker to Harmony was increased to $10 million from the previous $1 million. The ETH address to return the funds is 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.

The Harmony team has also offered “one final opportunity” for the attackers to return the assets with anonymity: “The final term is they retain $10 million and return the remaining amount, in addition to the team ceasing the investigation.”

Meanwhile, security firm Elliptic linked the attack to North Korean hacker group Lazarus in a release Wednesday.

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft,” Elliptic researchers said. “Based on the nature of the hack and the subsequent laundering of the stolen funds.”

Elliptic noted that the movement of stolen funds occurred mostly during Asia-Pacific nighttime hours and that the attack used techniques that were “frequently used” by the Lazarus Group.

Lazarus is believed to have stolen over $2 billion in crypto assets from exchanges and decentralized finance (DeFi) platforms, Elliptic said. It added that the Horizon Bridge hacker has so far sent 41% of the $100 million in stolen crypto assets into the Tornado Cash mixer.

Earlier this week, the attackers transferred over 36,000 ether, worth $44 million at the time, to Tornado Cash over several transactions, as reported.

The attacker’s main wallet – tagged as “Horizon Bridge Exploiter” on blockchain tracing service Etherscan – continues to hold over 33,000 stolen ether, blockchain data shows.
