Harmony's Horizon Bridge was the victim of a massive cyberattack from North Korea
Summary
On June 23, 2022, the Harmony Protocol team discovered a malicious attack on their Horizon Bridge, a blockchain bridge enabling asset transfers between Ethereum, Binance Smart Chain, and Harmony blockchains. In the morning, several transactions compromised the bridge. The hackers were able to steal the following assets: Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC). Some of these tokens have been exchanged for ETH on decentralized exchanges.
Attackers
The FBI has officially announced that the Lazarus Group and APT38, North Korean organizations, were responsible for the breach. The FBI also shared that the hackers, identified as “cyber actors associated with the Democratic People’s Republic of Korea,” utilized a malware campaign called “TraderTraitor” in the Harmony attack.
Losses
The estimated value at the time of the attack was approximately $100 million USD.
Timeline
- June 23, 2022 4:13 PM PST: The project team reported the hack and announced the start of work with national authorities and forensic experts to identify the culprit and return the stolen funds.
- June 24, 2022 10:03 AM PST: The team announced that today at 8:30 Pacific Time, they shared their findings with their colleagues in the United States.
- June 25, 2022 08:47 PM PST: The project team offered the hackers a reward of one million dollars for a refund.
- June 29, 2022 07:01 PM PST: The project team came up with a final offer of $10 million and an end to the investigation in exchange for the remaining amount stolen.
- January 23, 2023: The FBI announced that the North Korean hacker group Lazarus Group was responsible for the June 2022 breach.
Security Failure Causes
Insufficient System Security Measures: The presence of the malware suggests that there may have been insufficient security measures in place to detect and prevent such attacks. This could include inadequate network monitoring, lack of intrusion detection systems, or insufficient measures to protect against advanced malware threats. Lack of Employee Awareness and Training: Human error or lack of awareness among employees could have played a role in the security failure. Insufficient training or education on recognizing and responding to phishing attempts, social engineering, or other attack vectors may have made the organization more susceptible to the initial malware infiltration.