What did it cost? Everything.
California-based cryptocurrency company Harmony reported that a hacker stole approximately $100 million worth of tokens through one of its key products.
Harmony is a blockchain that uses “bridges” to offer cross transfers with Ethereum, Binance, and other chains.
An attacker, however, compromised the Horizon Ethereum Bridge with 11 transactions that extracted tokens stored inside it.
Following the incident, Harmony immediately notified stakeholders including the FBI to investigate.
Harmony founder Stephen Tse then updated the community with key insights from the Horizon bridge hack investigation.
The incident response team found no evidence of any breaches of Harmony’s smart contract codes or vulnerabilities on the platform.
Notwithstanding, evidence found that the attacker gained access to and decrypted a number of private keys. These include those used to sign unauthorized transactions and take assets in the form of BUSB, USDC, ETH, and WBTC.
The hacker then swapped the assets to ETH, which remains on their account on the Ethereum network. Moreover, they have not attempted to anonymize ownership of the stolen assets.
“We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident. We will continue taking steps to further harden our operations and infrastructure security,” Tse assured the community.
Harmony has since announced a $1-million bounty in exchange for the return of the funds. It said that the team will advocate for no criminal charges if the funds are returned.
Previously, North Korea-linked hackers stole over $600 million worth of cryptocurrency from Ronin Bridge.