Harmony developers said Thursday they had launched a “global manhunt” to catch the culprits behind last week’s $100 million exploit of its Horizon bridge, according to a Thursday update.
The exploited “Horizon” bridge allowed users to exchange assets such as tokens, stablecoins and non-fungible tokens (NFTs), among the Ethereum, Binance Smart Chain (BSC), and Harmony blockchains.
A bounty offered to individuals who could provide information about the attacker to Harmony was increased to $10 million from the previous $1 million. The ETH address to return the funds is 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony team has additionally offered “one final opportunity” for the attackers to return the assets with anonymity: “The final term is they retain $10 million and return the remaining amount, in addition to the team ceasing the investigation.”
Meanwhile, security firm Elliptic linked the attack to North Korean hacker group Lazarus in a release Wednesday.
“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft,” Elliptic researchers said. “Based on the nature of the hack and the subsequent laundering of the stolen funds.”
Elliptic noted the timing of movement of stolen funds was mostly in Asia Pacific nighttime hours and that the attack used techniques that were “frequently used” by the Lazarus group.
Lazarus is believed to have stolen over $2 billion in cryptoassets from exchanges and DeFi services, Elliptic said. It added that the Horizon Bridge hacker has so far sent 41% of the $100 million in stolen crypto assets into the Tornado Cash mixer.
Earlier this week, the attackers transferred over 36,000 ether, worth $44 million at the time, to Tornado Cash over several transactions, as reported.
The attacker’s main wallet – tagged as “Horizon Bridge Exploiter” on blockchain tracing service Etherscan – continues to hold over 33,000 stolen ether, blockchain data shows.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.