Researchers Claim N. Korea is Likely Behind $100M Horizon Attack

North Korean state-backed hackers were likely behind the latest crypto attack that saw Horizon lose approximately $100 million, CNBC reported earlier today, citing analysis from blockchain researchers Elliptic and Chainalysis. Per Elliptic, there are strong indications that Lazarus Group was behind the attack.

The company added that the Horizon attacker converted most of the stolen funds into Ether (ETH). Following the exploit, the hacker’s address held 85,867.25 ETH. Elliptic claims that the hacker started laundering the funds through Tornado Cash, a mixing service. At the time of writing, the address only has 31,758.38 ETH.

Elliptic claims it used “demixing” tools and found the funds transferred to Tornado Cash ended up in several new ETH addresses.

Chainalysis, which is working with Harmony, the company behind the Horizon bridge, to investigate the attack, supported Elliptic’s findings. Moreover, in a Twitter thread posted on June 28, Chainalysis said:


Meanwhile, Harmony is trying to figure out how to reimburse affected users. Additionally, Harmony is offering the hacker a $1 million bounty for returning the funds and sharing exploit information. The company said it would not file criminal charges if the hacker returned the money.

North Korean Hackers Continue Targeting DeFi Protocols

Chainalysis added,

If confirmed, this would be the 8th exploit this year – totaling $1B in stolen funds – that we can attribute to N. Korea with confidence. That’s 60% of total funds stolen in 2022. Notably, all of these were DeFi hacks, a major escalation of their DeFi hacking strategy.

Other notable DeFi hacks include the $615 million Ronin Bridge exploit, which Lazarus Group was behind. This is the largest DeFi hack to date. It involved the hacker group stealing 173,600 ETH and 25.5 million USDC.

Before this, the Wormhole Bridge suffered a $326 million attack. This hack saw the malicious actor exploit a security vulnerability and mint 120,000 wETH on Solana.

While US officials have pinned several high-profile cyberattacks on North Korea, the country maintains it had nothing to do with the hacks. According to a diplomat at the North Korean embassy in London, the allegations of North Korea hacking crypto protocols are false. The country’s Foreign Ministry has also labeled the allegations as US propaganda.
