In June 2022, The Harmony Protocol team identified a theft occurred on the Horizon bridge amounting to approx. $100MM. Harmony bridge hack worth was the entirety of its TVL. It’s likely every asset on $ONE is now unbacked by the bridge.
However, Binance has assisted Huobi Exchange in recovering 124 Bitcoin worth $2.58 million— from the Harmony bridge hackers, according to Binance CEO Changpeng Zhao (CZ).
The hackers previously tried to use Binance to launder the stolen funds, but the accounts was frozen, according to CZ’s tweet.
Tekedia Mini-MBA edition 16 (Feb 10 – May 3, 2025) opens registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi #SAFU! ?
— CZ ? Binance (@cz_binance) January 16, 2023
The collaboration between the two exchanges also foiled the hacker’s new attempts to use Huobi in moving funds, as confirmed by Huobi’s advisor Justin Sun.
We're proud to announce that thanks to our dedicated team and collaboration with @binance, we were able to detect and prevent a Harmony One hacker from attempting to launder funds through @HuobiGlobal. https://t.co/7D2MSo8TEX
— H.E. Justin Sun ??? (@justinsuntron) January 16, 2023
On-chain sleuth ZachXBT reported on Jan. 16, that North Korea’s Lazarus Group moved 41,000 Ethereum (ETH) — worth $64 million — from the Harmony (ONE) Bridge hack over the weekend.
1/2 North Korea’s Lazarus Group had a very busy weekend moving $63.5m (~41000 ETH) from the Harmony bridge hack through Railgun before consolidating funds and depositing on three different exchanges. pic.twitter.com/huDumaJeSh
— ZachXBT (@zachxbt) January 15, 2023
The funds’ transfer originated in batches of 100 ETH from OFAC-sanctioned Tornado Cash to another privacy platform, Railgun, according to the chart shared by ZachXBT. ZachXBT said the funds were later consolidated and deposited on three unnamed exchanges.
The movements were first noticed by the crypto compliance platform MistTrack on Jan. 14, tweeting that an address associated with the Harmony bridge exploit was on the move.
Elliptic, notes that the attack was carried out by compromising the cryptographic keys of a multi-signature wallet, a technique commonly used by Lazarus Group, adding that the programming laundering of funds it observed following the Horizon Bridge hack was “very similar” to that seen following the Ronin Bridge attack.
Following a $100 million Harmony bridge hack on June 24, 2022, the layer-1 blockchain offered a $1 million bounty for the return of the funds. Blockchain analytical firm Elliptic later traced the attack to North Korea’s Lazarus Group.
