Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » News » Harmony Steps Up “Global Manhunt” for $100M Thief as Lazarus Group Blamed

Harmony Steps Up “Global Manhunt” for $100M Thief as Lazarus Group Blamed

by

Harmony has also offered a final ultimatum to the perpetrator behind last week’s $100 million Horizon bridge attack.

Harmony Steps Up “Global Manhunt” for $100M Thief as Lazarus Group Blamed
Shutterstock cover by ViChizh

Key Takeaways

  • Harmony is offering a $10 million bounty to the attacker behind last week's $100 million Horizon Bridge hack.
  • According to Elliptic, Lazarus Group may be responsible for the theft.
  • The blockchain analytics firm said that the way the theft was conducted was “consistent with activities of the Lazarus Group.”

Share this article

Elliptic has said that there are “strong indications” that North Korea’s Lazarus Group is responsible for the attack.

Harmony Offers $10M Bounty 

Harmony says it has begun a “global manhunt” to find the perpetrator behind the Jun. 24 attack that saw $100 million worth of digital assets disappear from its cross-chain bridge, Horizon. 

The team behind the Layer 1 blockchain posted an update on the incident on Twitter early Thursday, saying that it had contacted law enforcement, Chainalysis, and AnChain.AI to help identify the attacker. 

It also offered the attacker a final ultimatum, pledging to drop its investigation if the funds were returned minus a $10 million bounty (Harmony initially offered $1 million for the return of the funds). “Retain $10M and return the remaining stolen amount. In exchange, Harmony will cease its investigation,” a tweet read. Harmony is also offering $10 million for information leading to the safe return of the funds. 

The update also gave the attacker a deadline of 00:00 UTC on Jul. 5 to initiate communication. 

Elliptic Blames Lazarus Group for $100M Attack

While the investigation is ongoing with no assailant confirmed, the blockchain analytics firm Elliptic has claimed that Lazarus Group may be responsible for the theft. 

In a Wednesday blog post, the firm said that there are “strong indications” that the North Korean state-sponsored hacking group was behind the attack. 

The post noted how the attacker has so far laundered around $39 million of the loot through the Ethereum mixer Tornado Cash in a bid to hide their on-chain transaction history. Elliptic said that it had used demixing techniques to trace the funds to a number of new wallets, noting that Lazarus may be responsible “based on the nature of the hack and the subsequent laundering of the stolen funds.” 

It added that the nature of the theft and money laundering was “consistent with activities of the Lazarus Group” and pointed to the $550 million hack on Axie Infinity’s Ronin Bridge. The U.S. Treasury Department and others blamed Lazarus for the Ronin attack in the fallout from the incident. 

The post further added that the Harmony bridge theft was executed by compromising a multi-signature wallet, likely through social engineering—a practice Lazarus has engaged in on multiple occasions in the past. It also pointed out that the funds had been laundered with regular small deposits in a possible automated process, similar to how the $550 million stolen from Ronin was laundered following the attack. Moreover, those responsible for the attack operated on Asia-Pacific hours, Elliptic said. 

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.