December 5, 2023

The U.S. FBI has confirmed that in June 2022, the North Korea-linked Lazarus APT group and APT38 stole $100 million worth of cryptocurrency assets from the Blockchain company Harmony Horizon Bridge.

Through their investigation, its been confirmed that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge reported on June 24, 2022.

Harmony’s Horizon Bridge used to transfer the crypto assets from one blockchain to another. It immediately halted the bridge to prevent further transactions and notified other exchanges.


The blockchain security firm CertiK published a detailed analysis of the incident. It confirmed that the threat actors were able to access the owners of Horizon’s multiSig wallets, then drained the funds from Harmony

  • On June 23, 2022 at 11:06:46 AM +UTC, the bridge between Harmony chain and Ethereum experienced multiple exploits.
  • The analysis has identified twelve attack transactions and three attack addresses.
  • The attacker netted various tokens on the bridge, including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH, and FRAX The transactions vary in value but range from $49,178 to upwards of $41,200,000.

On June 27, the threat actors behind the cyber heist culprit have begun transferring the funds through the Tornado Cash mixer service to launder the illicit profits. Part of the funds was frozen as of now.

There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds. Lazarus is believed to have stolen over $2 billion in cryptoassets from exchanges and DeFi services. – Elliptic report


The threat actors compromised the cryptographic keys of a multi-signature wallet, likely through a social engineering attack aimed at Harmony team members. The attack leveraged the malware TraderTraitor campaign in the Harmony intrusion.

Reference – Security Affairs

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.