Harmony Horizon Bridge
HackedInfrastructure · $ONE · born 2021 · ✝ 2022
A 2-of-5 multisig was all that guarded $100M — Lazarus took it.
Harmony's Horizon Bridge connected its chain to Ethereum and BNB Chain. In June 2022 North Korea's Lazarus Group compromised the signing keys and stole roughly $100M, crippling the Harmony ecosystem.
- Peak
- ~$100M stolen
- Cause
- Hacked
- Year of death
- 2022
☠️ Cause of death
The bridge required only 2 of 5 multisig signatures, so compromising two keys was enough to authorize fraudulent withdrawals. Harmony never fully recovered, and a contentious recovery-mint proposal further fractured its community.
📓 Lessons left behind
- —A 2-of-5 multisig is two phishing emails from catastrophe.
- —Bridge security reduces to threshold and key hygiene.
- —Minting new tokens to repay a hack just moves the loss.
🌱 The idea that survived
Higher signing thresholds
Bridges moved toward larger validator sets and higher m-of-n thresholds after a string of low-threshold multisig compromises.
#bridge#lazarus#multisig#exploit