Harmony Bridge Hacked, $100 Million Worth of Ethereum Lost
The Horizon bridge linking with Harmony a Layer 1 PoS blockchain built for native token ONE to the Ethereum and Binance Chain ecosystem was hacked leading to a loss of approx $100 million in ETH. The exploit was announced on Twitter by the Harmony team who said that they are pursuing the culprit.
The bridge has since been shut down to stop further losses. Harmony devs have also explained that the BTC bridge is unaffected.
The attack appears to have taken place for 17 hours. starting with a transaction worth a whopping 4.919 ETH followed by several smaller transactions ranging from 911 to 0.0003 ETH. The last one took place after the bridge had been shut down.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.— Harmony (@harmonyprotocol) June 23, 2022
The hack is the latest in a series of exploits affecting the crypto space like Axie infinity drain, Solana Wormhole, or more the Optimism fiasco Another recent vulnerability the Demonic exploit which affected multiple crypto wallets was patched before any damage could be done.
National authorities and forensic specialists the former may not be of much help in the event the identity of the hacker is discovered depending on the jurisdiction that the hacker may be located in:
“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”
Curiously a notice was issued by an independent researcher and blockchain dev Ape Dev back on the 2nd of April in a series of tweets, Ape Dev called attention to the fact that the security of the Harmony Bridge was built around a multi-sig wallet with only four owners. He indicated that this could be used to execute a very simple attack by getting 2 of the owners to sign off on transfers up to $330million
His sleuthing talents have since been recognized by Brendan Eich the CEO and co-Founder of Brave
The Harmony attacker got the idea from Ape Dev's indication or reached the same conclusion independently is unclear in either case, the warning came nearly three months before the unfortunate event which should have given Harmony devs enough time to secure their system.
Cyberattacks becoming more prevalent in the crypto space, and the security standards of different blockchain-based platforms will likely be scrutinized by third parties with increasing regularity, and rightfully so.
Related: Solana Announces a New Crypto Smartphone and a Web3 Developer Kit