North Korean Lazarus Group compromised 2-of-5 multisig keys securing Harmony's Horizon bridge.
The Horizon bridge was secured by a 2-of-5 multisig. Lazarus Group used spear-phishing and malware to compromise at least two of the five private keys, enabling them to sign and execute unauthorized withdrawals from the bridge. The attack was methodical, draining assets over 14 transactions.
Funds immediately moved to Tornado Cash for mixing. Bitcoin bridge used to convert some assets to BTC. US Treasury sanctioned Tornado Cash addresses associated with this hack. Blockchain analytics firms attributed with high confidence to Lazarus Group. No funds recovered.
0x27b84e0f05a7a91e0e8f8c2b8e7b9f27b84e0f05a7a91e0e8f8c2b8e7b9f27b