- Investigation into the $100 million crypto heist on California-based Harmony Protocol has revealed a new suspect, North Korea’s Lazarus Group.
- $41 million in stolen cryptocurrencies have been stolen via the Tornado cash mixer which mixes user funds to hide cash trails.
- Blockchain analytics firm Elliptic uses its demixing capacity to trace the source of funds.
- Similarities were drawn between the Harmony heist and the $600 million Ronin Bridge attack, orchestrated by the Lazarus Group.
Blockchain analytics firm Elliptic has found a strong connection between North Korea’s Lazarus Group and the $100 million crypto hack on Harmony’s Horizon Bridge. The firm unmixed transactions on Tornado to trace the $41 million sent to the mixer by hackers and presented findings in their latest blog post.
Horizon Bridge hackers sent $41 million in stolen crypto to Tornado cash mixer
Harmony Protocol’s Horizon Bridge was hacked for $100 million in cryptocurrencies on June 24, 2022. The hacker moved 41% of the stolen assets, worth $100 million, to the Tornado cash mixer. The protocol enhances anonymity in crypto transactions, when assets are added to the mixer, it effectively breaks the on-chain link between source and destination addresses.
The Tornado cash mixer has been used successfully by several hackers in DeFi ecosystem exploits. Layer-1 blockchain Harmony Protocol emerged as the target of one such hack, and further investigation revealed links to North Korea’s Lazarus Group.
Elliptic, a leading blockchain analytics firm used its Tornado demixing capability to trace all of the stolen funds through the mixer onwards to wallets.
Demixed transactions from the Tornado mixer
The analytics firm concluded that there are strong indications that Lazarus Group is responsible for the theft based on the nature of the hack and the laundering of stolen funds. The group is known to have stolen over $2 billion in cryptocurrencies from exchanges and DeFi protocols.
Ethereum (ETH), Tether (USDT), Wrapped Bitcoin (WBTC) and Binance Coin (BNB) were stolen in the Harmony heist. The hackers used Uniswap, a DEX to convert these assets to 85,837 ETH, considered a common laundering technique to avoid seizure of cryptocurrencies.
Analysts have identified similarities between the $100 million Harmony heist and the $600 million attack on the Ronin Bridge. In April 2020, the US Department of Homeland Security had issued an alert against the Lazarus Group and said that the hackers were sponsored by the North Korean government.
Harmony begins global manhunt for criminals behind $100 million hack
Harmony has announced the beginning of a global manhunt for the criminal who stole $100 million from the Horizon Bridge. All exchanges have been notified of the hunt, law enforcement, @Chainalysis and @AnChainAI have ongoing investigations to identify hackers and recover the stolen funds.
Harmony Protocol announced this as the final opportunity for the actor to return stolen assets while maintaining their anonymity.
Harmony has offered a bounty of $10 million to the hacker and asked for the $90 million to be returned. The layer-1 protocol has assured that all investigation will cease if the hacker accepts the terms and returns the stolen assets. Harmony has set a deadline of July 4, 2022, 23:00 GMT for return of the assets.
1/ Harmony has begun a global manhunt for the criminal(s) who stole $100M from the Horizon bridge. All exchanges have been notified. Law enforcement, @Chainalysis, and @AnChainAI have active investigations to identify the responsible actors and recover the stolen assets.
— Harmony (@harmonyprotocol) June 30, 2022