The FBI has officially attributed last year’s Horizon bridge hack and cryptocurrency heist to a threat group widely believed to be operating on behalf of the North Korean government.
The Horizon bridge is designed to enable cryptocurrency holders to move assets between Harmony’s network and the Ethereum network, Binance Chain and Bitcoin.
In June 2022, news broke that someone had managed to steal $100 million from the Horizon bridge — specifically the Ethereum side — after obtaining and decrypting private keys.
Shortly after the cryptocurrency heist came to light, blockchain analytics firm Elliptic named North Korea’s Lazarus hacking group as the prime suspect.
The FBI confirmed on Monday that the Lazarus group, which is also tracked as APT38, is behind the cyberattack on the Horizon bridge.
The agency noted that US authorities are identifying and disrupting North Korea’s cryptocurrency theft and laundering activities, which are used by the regime to fund its ballistic missile and weapons of mass destruction programs.
“On Friday, January 13, 2023, North Korean cyber actors used Railgun, a privacy protocol, to launder over $60 million worth of ethereum (ETH) stolen during the June 2022 heist. A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC),” the FBI said.
The agency said part of these funds were frozen with the help of virtual asset service providers, while the rest have been moved to nearly a dozen addresses, which have been made public.
North Korean state-sponsored hackers are believed to be behind several high-profile cryptocurrency heists and this is not the first time the US government has officially blamed them for an attack.
In April 2022, the US blamed the Lazarus group for the $600 million Ronin Validator hack.
According to blockchain analysis company Chainalysis, Lazarus stole $400 million worth of crypto assets in 2021.
Related: North Korea APT Lazarus Targeting Chemical Sector
Related: North Korea’s Lazarus Targets Energy Firms With Three RATs

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
Latest News
- Sentra Raises $30 Million for DSPM Technology
- Cyber Insights 2023: Cyberinsurance
- Cyber Insights 2023: Attack Surface Management
- Cyber Insights 2023: Artificial Intelligence
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- How the Atomized Network Changed Enterprise Protection
- Critical QNAP Vulnerability Leads to Code Injection
