Harmony Steps Up “Global Manhunt” for $100M Thief as Lazarus Group Blamed

Harmony has also offered a final ultimatum to the perpetrator behind last week’s $100 million Horizon bridge attack.

Harmony Steps Up “Global Manhunt” for $100M Thief as Lazarus Group Blamed
Shutterstock cover by ViChizh

Key Takeaways

  • Harmony is offering a $10 million bounty to the attacker behind last week's $100 million Horizon Bridge hack.
  • According to Elliptic, Lazarus Group may be responsible for the theft.
  • The blockchain analytics firm said that the way the theft was conducted was “consistent with activities of the Lazarus Group.”

Share this article

Elliptic has said that there are “strong indications” that North Korea’s Lazarus Group is responsible for the attack.

Harmony Offers $10M Bounty 

Harmony says it has begun a “global manhunt” to find the perpetrator behind the Jun. 24 attack that saw $100 million worth of digital assets disappear from its cross-chain bridge, Horizon. 

The team behind the Layer 1 blockchain posted an update on the incident on Twitter early Thursday, saying that it had contacted law enforcement, Chainalysis, and AnChain.AI to help identify the attacker. 

It also offered the attacker a final ultimatum, pledging to drop its investigation if the funds were returned minus a $10 million bounty (Harmony initially offered $1 million for the return of the funds). “Retain $10M and return the remaining stolen amount. In exchange, Harmony will cease its investigation,” a tweet read. Harmony is also offering $10 million for information leading to the safe return of the funds. 

The update also gave the attacker a deadline of 00:00 UTC on Jul. 5 to initiate communication. 

Elliptic Blames Lazarus Group for $100M Attack

While the investigation is ongoing with no assailant confirmed, the blockchain analytics firm Elliptic has claimed that Lazarus Group may be responsible for the theft. 

In a Wednesday blog post, the firm said that there are “strong indications” that the North Korean state-sponsored hacking group was behind the attack. 

The post noted how the attacker has so far laundered around $39 million of the loot through the Ethereum mixer Tornado Cash in a bid to hide their on-chain transaction history. Elliptic said that it had used demixing techniques to trace the funds to a number of new wallets, noting that Lazarus may be responsible “based on the nature of the hack and the subsequent laundering of the stolen funds.” 

It added that the nature of the theft and money laundering was “consistent with activities of the Lazarus Group” and pointed to the $550 million hack on Axie Infinity’s Ronin Bridge. The U.S. Treasury Department and others blamed Lazarus for the Ronin attack in the fallout from the incident. 

The post further added that the Harmony bridge theft was executed by compromising a multi-signature wallet, likely through social engineering—a practice Lazarus has engaged in on multiple occasions in the past. It also pointed out that the funds had been laundered with regular small deposits in a possible automated process, similar to how the $550 million stolen from Ronin was laundered following the attack. Moreover, those responsible for the attack operated on Asia-Pacific hours, Elliptic said. 

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies. 

Share this article