Policy
Share this article

FBI: North Korean Hackers Behind $100M Horizon Bridge Theft

Lazarus Group and APT38, both associated with North Korea, are responsible for the attack in June, the agency concluded.

By Jesse Hamilton
Updated Jan 24, 2023, 7:14 p.m. Published Jan 23, 2023, 11:17 p.m.
jwp-player-placeholder

A pair of North Korean hacker groups were behind the June theft of $100 million in crypto assets from Horizon Bridge, the Federal Bureau of Investigation (FBI) said in a Monday statement.

Horizon Bridge, a service enabling crypto assets to be traded between the Harmony blockchain and other blockchains, was drained of ether ETH$3,034.61, tether USDT$1.0002 and wrapped bitcoin (wBTC). The FBI said that the hackers – “cyber actors associated with the [Democratic People's Republic of Korea]” – relied on a malware campaign known as “TraderTraitor” in the Harmony attack.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the State of Crypto Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Two weeks ago, a privacy protocol, Railgun, was used to launder more than $60 million in ETH stolen during last year’s theft, according to the FBI. A portion of it was sent to other service providers and changed to bitcoin. Some of the funds were frozen, and others were moved to addresses identified in the agency’s statement.

At least one industry research firm had already partially come to the same conclusion on the identity of the attackers last year, identifying Lazarus and North Korea.

U.S. authorities said that North Korea’s thefts of crypto and laundering of the assets are used “to support North Korea’s ballistic missile and Weapons of Mass Destruction programs,” according to the statement.

Lazarus Group had previously been accused of stealing more than $600 million of cryptocurrency from the Axie Infinity-linked Ronin bridge.

Read More: Harmony Hackers Cover Tracks by Bridging Portion of $100M Loot to Avalanche, Ethereum and Tron

RegulationsHackersNorth KoreaHarmonyFBIhacking

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

State of Crypto: Wrapping Up the Month

By Nikhilesh De
14 hours ago
U.S. Congress (Jesse Hamilton/CoinDesk)

Congress continues to make progress on crypto issues but things are moving slowly.

Read full story