North Korean Hacker Group Behind the Horizon Bridge Hack

North Korean Hacker Group Behind the Horizon Hack: Report
The infamous hacker organization with ties to North Korea may have been responsible for the $100 million Harmony attack last week.

The main suspect in the latest attack, in which $100 million was stolen from the Harmony protocol, is the Lazarus Group, a well-known North Korean hacker group.

New research released today by blockchain analysis company Elliptic claims that Harmony’s Horizon Bridge hack and the subsequent laundering of stolen digital assets share a startling resemblance to earlier Lazarus Group hacks.

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds. Lazarus is believed to have stolen over $2 billion in crypto assets from exchanges and DeFi services.”

How was the hack conducted?

Elliptic also described the precise methods used to carry out the crime, pointing out that The Lazarus Group targeted the login information of Harmony personnel in the Asia Pacific region to circumvent the protocol’s security system. The hackers used automated laundering algorithms to shift the stolen assets late at night after taking control of the protocol.

Elliptic further reported that the hackers had already transferred more than 40% of the $100 million to Tornado Mixer, an Ethereum-based “mixing service” that muddles transaction data and makes it very challenging for investigators to track the flow of money.

Hackers didn’t take Harmony’s bait

The Harmony team initially offered the hackers a $1 million bounty for returning the assets. On June 29, Harmony increased the reward to $10 million, saying that a full return of the money would end the investigation and prevent further criminal prosecution.

The Lazarus Group has also been connected to the $600 million Ronin bridge hack in April. The value of the stolen Ether (ETH) has fallen more than 60% to $230 million due to the present market conditions. The Ronin bridge recently came back online after three months.

According to a recent revelation from, North Korea has employed 7,000 full-time hackers to conduct cyberattacks, use ransomware, and compromise crypto technology to raise money. The most cryptocurrency-related crimes are committed in North Korea, with over 15 verified cases of online theft totaling about $1.59 billion.

Increasing hacks in token bridges

Meter, Wormhole, and Ronin are just a few of the token bridges that have recently been targeted. Harmony’s Horizon Bridge is the most recent addition to this list, bringing token bridge-related theft to just over $1 billion in 2022.

Poly Network is by far the largest token bridge to be hacked. The hack led to a loss of $610 million, which was almost entirely recovered.