{"id":63699,"date":"2022-06-30T08:15:05","date_gmt":"2022-06-30T05:15:05","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=63699"},"modified":"2025-09-06T10:25:11","modified_gmt":"2025-09-06T07:25:11","slug":"elliptic-lazarus-hackers-may-be-behind-horizon-attack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/elliptic-lazarus-hackers-may-be-behind-horizon-attack\/","title":{"rendered":"Elliptic: Lazarus hackers may be behind Horizon attack"},"content":{"rendered":"<p>Experts at Elliptic said that the Horizon cross-chain bridge attack may have been carried out by Lazarus, a North Korea\u2013linked hacker group.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">There are strong indications that North Korea\u2019s Lazarus Group may be responsible for the $100 million Harmony heist | 41% of the stolen cryptoassets have been moved through the Tornado Cash mixer | Read our analysis:<a href=\"https:\/\/t.co\/CoS2Ozu0WG\">https:\/\/t.co\/CoS2Ozu0WG<\/a><\/p>\n<p>\u2014 elliptic (@elliptic) <a href=\"https:\/\/twitter.com\/elliptic\/status\/1542249011750526978?ref_src=twsrc%5Etfw\">June 29, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to the analysts, the hackers have already sent 41% of the stolen crypto assets to Tornado Cash to launder the funds. At the time of preparing the report, the attackers had transferred more than 35 000 ETH to the mixer.<\/p>\n<p>Earlier, the hackers moved the stolen assets to the decentralised exchange Uniswap and converted them into 85 837 ETH. Elliptic noted that this is a fairly common method of laundering stolen funds.<\/p>\n<p>Analysts highlighted several reasons indicating that Lazarus was behind the hack. <\/p>\n<p>They noted that the assets were transferred to Tornado Cash with a regularity that suggests the involvement of some automated software. A similar system was observed by specialists during the laundering of funds stolen in the Ronin side-chain attack. Presumably <a href=\"https:\/\/forklog.com\/en\/news\/ethereum-address-linked-to-lazarus-group-sanctioned-by-us-hackers-tied-to-ronin-attack\">the Lazarus hackers are behind it as well<\/a>.<\/p>\n<p>The theft was carried out by compromising the private keys to a multisig wallet, \u2014 probably via a social engineering attack on Harmony team members. Such methods were often used by the Lazarus Group, Elliptic noted. <\/p>\n<p>Moreover, the Lazarus Group is often targeted at victims in the Asia\u2013Pacific region, analysts say. Many members of Harmony&#8217;s core team have ties to the region.<\/p>\n<p>Earlier on June 24, the Harmony blockchain platform <a href=\"https:\/\/forklog.com\/en\/news\/hacker-steals-about-100-million-in-harmonys-horizon-cross-chain-bridge-attack\">announced the Horizon cross-chain bridge attack<\/a>, in which attackers stole assets worth about $100 million.<\/p>\n<p>Initially, the Harmony team <a href=\"https:\/\/forklog.com\/en\/news\/harmony-offers-1-million-bounty-for-return-of-100-million-stolen-from-horizon-bridge\">offered a reward of $1 million<\/a> for the return of the stolen funds, later increased it to $10 million.<\/p>\n<p>U.S. authorities issued a <a href=\"https:\/\/forklog.com\/en\/news\/u-s-authorities-warn-of-north-korea-linked-hackers-targeting-the-crypto-industry\">warning about threats from North Korean hackers<\/a> aimed at stealing cryptocurrency.<\/p>\n<p>Follow ForkLog&#8217;s Bitcoin news on our Telegram \u2014 cryptocurrency news, prices and analytics.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Experts at Elliptic said that the Horizon cross-chain bridge attack may have been carried out by Lazarus, a North Korea\u2013linked hacker group.<\/p>\n","protected":false},"author":1,"featured_media":63700,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1535,2139,1125],"class_list":["post-63699","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-elliptic","tag-harmony-one","tag-lazarus"],"aioseo_notices":[],"amp_enabled":true,"views":"23","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/63699","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=63699"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/63699\/revisions"}],"predecessor-version":[{"id":63701,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/63699\/revisions\/63701"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/63700"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=63699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=63699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=63699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}