Hacker exploits Harmony blockchain bridge, loots $100M in crypto

Published by
Peter Kavinsky

A hacker has exploited a vulnerability to steal $100 million from Harmony’s Horizon Bridge, which allows users to transfer their crypto assets from one blockchain to another.

Harmony, the U.S. crypto startup behind Horizon, said in a blog post on Friday that it was notified of a “malicious attack” on its proprietary Horizon blockchain bridge on Thursday. Blockchain bridges, also known as cross-chain bridges, facilitate communication between different blockchains and allow users to send assets from one chain to the other. Using Harmony’s Horizon bridge, for example, users can move assets — including tokens, stablecoins, and NFTs — between Ethereum, Binance Smart Chain, and Harmony blockchains.

Harmony said the culprit of the attack — which the company singled out in a tweet — stole close to $100 million in cryptocurrency from its blockchain bridge.

https://twitter.com/harmonyprotocol/status/1540110926937894913?ref_src=twsrc%5Etfw

According to blockchain analysis company Elliptic, a variety of crypto assets were taken, including Ethereum, Binance Coin, Tether, USD Coin and Dai. Elliptic added that the stolen tokens have now been swapped for Ethereum using decentralized exchanges — a “commonly-seen technique with these hacks,” it said.

Harmony said in its blog post that immediately following the attack, multiple cybersecurity partners, exchange partners, and the FBI were notified and asked to assist with an investigation to identify the culprit and retrieve the stolen assets. “Further, the team has attempted communication with the hacker with an embedded message in a transaction to the culprit’s address,” the blog post read.

Harmony added that it had stopped the Horizon bridge to prevent further transactions. Harmony’s bridge for bitcoin was unaffected.

“This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work remains ahead of us,” the blog post said. “Ongoing investigations present a challenge of what information is allowed to be shared with the public, but we will continue to provide updates with the latest information as soon as we are able to share.”

Harmony has not revealed exactly how the funds were stolen, and did not comment when contacted by TechCrunch.

However, one investor who goes by the handle Ape Dev had concerns about the security of Harmony’s Horizon bridge as far back as April. The researcher warned on Twitter that the security of the Horizon bridge hinged on a multi-signature — or “multisig” — wallet that required just two signatures to initiate transactions. Multisig wallets require the consent of multiple parties before a transaction can be initiated, which is intended to provide additional security.

“So all in all, if two of the four multi-sig signers are compromised, we’re going to see another 9 figure hack,” Ape Dev, founder of crypto venture fund Chainstride Capital, wrote on April 1. “Considering all that’s been going on lately, it’d be interesting to hear some details from @harmonyprotocol on how these [externally owned accounts] are secured.”

The Harmony bridge hack follows a series of notable attacks on other blockchain bridges. The Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity, lost more than $600 million in March, an attack which U.S. officials have since linked to North Korean state-backed hacking group Lazarus. Similarly, decentralized finance platform Wormhole lost almost $325 million to hackers in February after they exploited a security flaw in its smart contract code.

Source: TechCrunch

Peter Kavinsky

Peter Kavinsky is the Executive Editor at cablefreetv.org
