Harmony's Horizon Bridge was the victim of a massive cyberattack from North Korea

Harmony's Horizon Bridge was the victim of a massive cyberattack from North Korea

June 23, 2022
Attack Types: 
Smart Contract Exploit
Entity Types: 
Blockchain ,Bridge
Tags: 
North Korea ,Lazarus Group ,APT38
Target Entities: 
Harmony ,Horizon Bridge

Summary #

On June 23, 2022, the Harmony Protocol team discovered a malicious attack on their Horizon Bridge, a blockchain bridge enabling asset transfers between Ethereum, Binance Smart Chain, and Harmony blockchains. In the morning, several transactions compromised the bridge. The hackers were able to steal the following assets: Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC). Some of these tokens have been exchanged for ETH on decentralized exchanges.

Attackers #

The FBI has officially announced that the Lazarus Group and APT38, North Korean organizations, were responsible for the breach. The FBI also shared that the hackers, identified as “cyber actors associated with the Democratic People’s Republic of Korea,” utilized a malware campaign called “TraderTraitor” in the Harmony attack.

Losses #

The estimated value at the time of the attack was approximately $100 million USD.

Timeline #

  • June 23, 2022 4:13 PM PST: The project team reported the hack and announced the start of work with national authorities and forensic experts to identify the culprit and return the stolen funds.
  • June 24, 2022 10:03 AM PST: The team announced that today at 8:30 Pacific Time, they shared their findings with their colleagues in the United States.
  • June 25, 2022 08:47 PM PST: The project team offered the hackers a reward of one million dollars for a refund.
  • June 29, 2022 07:01 PM PST: The project team came up with a final offer of $10 million and an end to the investigation in exchange for the remaining amount stolen.
  • January 23, 2023: The FBI announced that the North Korean hacker group Lazarus Group was responsible for the June 2022 breach.

Security Failure Causes #

Insufficient System Security Measures: The presence of the malware suggests that there may have been insufficient security measures in place to detect and prevent such attacks. This could include inadequate network monitoring, lack of intrusion detection systems, or insufficient measures to protect against advanced malware threats. Lack of Employee Awareness and Training: Human error or lack of awareness among employees could have played a role in the security failure. Insufficient training or education on recognizing and responding to phishing attempts, social engineering, or other attack vectors may have made the organization more susceptible to the initial malware infiltration.

Calendar July 12, 2024
Edit Edit this page