A crypto tracker reveals a trail of funds looted from Harmony Bridge in June

Crypto monitoring platform MistTrack tracked the funds collected from the Harmony bridge hack and published 350 addresses linked to the attack. North Korea’s state-sponsored Lazarus group is believed to be behind the hack. According to a Twitter thread posted on January 23, the funds were moved through various exchanges in an attempt to avoid tracers.

Funds in multiple tokens worth about $100 million were stolen from Harmony Bridge on June 23, 2022, then quickly exchanged for Bitcoin (BTC), according to MistTrack, and returned to the wallet they were originally transferred to. The bridge facilitates transfers between Harmony and the Ethereum network, Binance Chain and Bitcoin. Harmony offered $1 million for the return of the funds, but the offer was not accepted.

Instead, the hackers, later identified as North Korea’s Lazarus Group, ran 85,700 Ether (ETH) through the Tornado Cash mixer and deposited them at several addresses, where they remained until January 13, when they were transferred to Railgun, an Ethereum privacy system that provides anonymization. From there they were transferred to identified addresses.

The rest of the funds were transferred to the Avalanche (AVAX) blockchain, where they were exchanged for Tether (USDT) or Tron’s USDD token and eventually stored in addresses on the Ethereum and Tron networks.

Some progress has been made in recovering the stolen funds. Binance CEO Changpeng Zhao (CZ) announced via Twitter on January 15 that 121 BTC were recovered from the Huobi exchange after Binance detected their presence there.

Harmony proposed minting new native ONE tokens to compensate some of the 65,000 wallets that suffered losses due to the hack, but that idea proved unpopular, and it instead announced a plan in September to offset losses from its treasury. In November, Harmony said it was adding seven coins from the compromised bridge that were unaffected by the hack to its new LayerZero bridge, allowing coin owners to move them off the network.

Additional reporting by Tom Blackstone.