← Harmony Horizon Bridge1 decision on this page

Audit log

Every state-changing event for Harmony Horizon Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-30 18:25:24Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 423,210,439
sig
5t2K2vPqZcP6…9beqeEtxexplorer ↗
hash
B247j8oCfZZ9…Hz7CurYysha256 → base58
verifying row…full verify ↗
canonical bytes (6774 B) ▸
{"actor":"system:backfill","investigation_id":"248eec28-90e1-4c99-8359-cbbbebf0fa8e","kind":"publish","page_slug":"harmony-horizon-bridge","published_at":"2026-05-30T18:25:24.545Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Harmony Horizon Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cnbc.com/2022/06/24/hackers-steal-100-million-in-crypto-from-harmonys-horizon-bridge.html","type":"other","url":""},{"credibility":3,"name":"https://medium.com/harmony-one/harmonys-horizon-bridge-hack-1e8d283b6d66","type":"other","url":""},{"credibility":3,"name":"https://fortune.com/crypto/2022/06/24/hackers-steal-100-million-in-crypto-from-harmony-horizon-bridge-ethereum-binance/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-harmony-horizon-bridge-hack","type":"other","url":""},{"credibility":3,"name":"https://news.bitcoin.com/harmonys-100m-hack-was-due-to-a-compromised-multi-sig-scheme-says-analyst/","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-harmonys-horizon-bridge-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://thehackernews.com/2023/01/fbi-says-north-korean-hackers-behind.html","type":"other","url":""},{"credibility":3,"name":"https://therecord.media/fbi-north-korean-hacking-group-lazarus-behind-100-million-crypto-heist","type":"other","url":""},{"credibility":3,"name":"https://securityaffairs.com/141266/apt/harmony-horizon-bridge-lazarus-apt.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft","type":"other","url":""},{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/fbi-confirms-north-korea-s-lazarus-group-as-hackers-behind-100-million-harmony-horizon-bridge-theft","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/119861/fbi-north-korea-lazarus-horizon-harmony-bridge-hack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.elliptic.co/blog/analysis/fbi-confirms-north-korea-s-lazarus-group-as-hackers-behind-100-million-harmony-horizon-bridge-theft","type":"other","url":""},{"credibility":3,"name":"https://home.treasury.gov/news/press-releases/jy0916","type":"other","url":""},{"credibility":3,"name":"https://techcrunch.com/2023/01/24/north-korea-fbi-harmony-horizon-crypto/","type":"other","url":""},{"credibility":3,"name":"https://therecord.media/fbi-north-korean-hacking-group-lazarus-behind-100-million-crypto-heist","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2022/07/27/harmony-proposes-issuing-one-tokens-to-reimburse-victims-of-100m-hack","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/110379/harmony-publishes-revamped-horizon-bridge-recovery-plan","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/aave-assets-are-still-stuck-over-a-year-after-usd100m-harmony-bridge-hack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft","type":"other","url":""},{"credibility":3,"name":"https://home.treasury.gov/news/press-releases/jy0916","type":"other","url":""},{"credibility":3,"name":"https://www.mayerbrown.com/en/insights/publications/2024/12/federal-appeals-court-tosses-ofac-sanctions-on-tornado-cash-and-limits-federal-governments-ability-to-police-crypto-transactions","type":"other","url":""}]}],"sources_used":[],"summary":"The Harmony Horizon Bridge was a cross-chain bridge enabling asset transfers between Harmony, Ethereum, and Binance Smart Chain. On June 23–24, 2022, attackers exploited a critically under-configured 2-of-5 multisignature scheme to steal approximately $99.7 million across 14 asset types. The FBI formally attributed the attack to the North Korean state-linked Lazarus Group (APT38) in January 2023.","timeline":[{"date":"2022-03-29","event":"Ronin Bridge (Axie Infinity) hacked for ~$540M by Lazarus Group, establishing a pattern of cross-chain bridge attacks attributed to North Korea.","source":""},{"date":"2022-04-18","event":"U.S. government issues joint advisory warning about the TraderTraitor malware campaign used by North Korean hackers targeting cryptocurrency organizations.","source":""},{"date":"2022-06-23","event":"Attackers begin draining Harmony Horizon Bridge at approximately 11:06 AM UTC using two compromised multisig private keys, executing 11 unauthorized outbound transactions.","source":""},{"date":"2022-06-24","event":"Harmony publicly discloses the breach, estimates losses at approximately $100 million, engages the FBI, and pauses the Horizon Bridge.","source":""},{"date":"2022-06-30","event":"Blockchain analytics firms including Elliptic and TechCrunch reporting links the attack to North Korea's Lazarus Group based on on-chain fund movement patterns.","source":""},{"date":"2022-07-27","event":"Harmony proposes minting new ONE tokens and executing a hard fork to reimburse hack victims; the proposal is met with strong community backlash.","source":""},{"date":"2022-08-08","event":"U.S. Treasury OFAC sanctions Tornado Cash, citing its use to launder proceeds from the Harmony hack and other Lazarus Group operations.","source":""},{"date":"2023-01-13","event":"North Korean cyber actors launder over $60 million in ETH from the Harmony theft through RAILGUN, a zero-knowledge proof privacy protocol; Elliptic reports 99.9% of RAILGUN deposits over a three-day window originated from Harmony hack proceeds.","source":""},{"date":"2023-01-24","event":"FBI formally confirms Lazarus Group (APT38) is responsible for the Harmony Horizon Bridge theft, stating stolen funds support DPRK ballistic missile and WMD programs.","source":""},{"date":"2023-06-01","event":"Recovery ONE Foundation continues reimbursement funding rounds for affected users, with some Aave-locked assets on Harmony chain remaining frozen over a year after the exploit.","source":""},{"date":"2024-11-01","event":"U.S. Fifth Circuit Court of Appeals reverses OFAC sanctions on Tornado Cash, finding the agency had overstepped its authority in sanctioning immutable smart contracts.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision b63cef7b-6db6-42e5-b13b-950690cf5924

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.