Spread the love

What did it cost? Everything.

California-based cryptocurrency company Harmony reported that a hacker stole approximately $100 million worth of tokens through one of its key products.

READ ALSO: Tales From The Crypt: Report Finds Cryptocurrency Scams Cost Victims Over $1 Billion Since 2021

Harmony is a blockchain that uses “bridges” to offer cross transfers with Ethereum, Binance, and other chains.

1/ On Thursday June 23rd, the Horizon bridge was exploited by one or more individuals, draining the bridge of approximately $100MM worth of Ethereum tokens.

Our investigation team is working 24×7 to assist with identifying the culprits responsible, and the methods they used.

— stephen tse 💙 🌉 stse.eth (@stse) June 25, 2022

An attacker, however, compromised the Horizon Ethereum Bridge with 11 transactions that extracted tokens stored inside it.

Following the incident, Harmony immediately notified stakeholders including the FBI to investigate.

Harmony founder Stephen Tse then updated the community with key insights from the Horizon bridge hack investigation.

1/ An incident response update on the Horizon bridge hack 🧵

Confidentiality is key to maintain integrity as part of this ongoing investigation. The omission of specific details is to protect sensitive data in the interest of our community.

— stephen tse 💙 🌉 stse.eth (@stse) June 26, 2022

The incident response team found no evidence of any breaches of Harmony’s smart contract codes or vulnerabilities on the platform. 

Notwithstanding, evidence found that the attacker gained access to and decrypted a number of private keys. These include those used to sign unauthorized transactions and take assets in the form of BUSB, USDC, ETH, and WBTC.

The hacker then swapped the assets to ETH, which remains on their account on the Ethereum network. Moreover, they have not attempted to anonymize ownership of the stolen assets.

“We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident. We will continue taking steps to further harden our operations and infrastructure security,” Tse assured the community.

Harmony has since announced a $1-million bounty in exchange for the return of the funds. It said that the team will advocate for no criminal charges if the funds are returned.

We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.

Contact us at [email protected] or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.

Harmony will advocate for no criminal charges when funds are returned.

— Harmony 💙 (@harmonyprotocol) June 26, 2022

Previously, North Korea-linked hackers stole over $600 million worth of cryptocurrency from Ronin Bridge.

Banner Photo by Towfiqu barbhuiya on Unsplash