The Horizon Bridge blockchain to the first level of Harmony One was used for $100 million in altcoins, which are exchanged for ether (ETH).
The hack could confirm the community’s earlier concerns about the reliability of two of the four multi-signatures reportedly protecting the bridge.
Starting approximately 7:08 AM to 7:26 AM ET, 11 deals were made from a bridge for various tokens. They have since started sending tokens to another wallet to exchange for ETH on the Uniswap Decentralized Exchange (DEX) and then send ETH back to the original wallet.
1/ The Harmony team discovered a theft that took place this morning on the Horizon Bridge, amounting to approx. 100 million dollars. We have begun working with national authorities and forensic experts to identify the culprit and recover the stolen funds.
— Harmony (@harmonyprotocol) June 23, 2022
So far Frax (FRAX), Wrapped Ether (WETH). Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD). Dai (DAI), Tether (USDT), Wrapped BTC (WBTC) and USD Coin (USDC) were stolen from the bridge thanks to this exploit.
Horizon Bridge makes it easy to transfer tokens between Harmony and the Ethereum, Binance Chain and Bitcoin network. Harmony, bridge operator, announced late in the evening of June 23, the bridge was stopped. It states that the BTC bridge and its assets were not affected by the attack.
The Harmony One team also said it is working with “national authorities and forensic experts” to determine who is responsible. An autopsy will follow.
Developers and Harmony One co-founder Nick White did not respond to requests for comment. Harmony One is a level 1 blockchain using Proof-of-Stake consensus. Its native token is ONE.
Concerns have previously been raised about the reliability of the Horizon multisig wallet, which required only two out of four signers to drain funds. Founder of crypto-focused venture fund Chainstride Capital Ape Dev. noted on Twitter on April 2 that the small number of signers needed would leave the bridge open for “another 9-figure hack”.
Bridge security is currently based on a multisig wallet deployed at 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6. It has four owners, two of whom must agree to make an arbitrary transaction (i.e. drain $330 million). pic.twitter.com/sgYmyPrYgf
— Monkey Dev (@_apedev) April 1, 2022
Ape Dev’s prediction appears to have come true as the bridge’s assets lost $100 million.
He is far from the only cryptographic developer who has concerns about the security of token bridges.
Vitalik Buterin discussed issues with token bridges in a Reddit post back in January of this year. He argued that when bridges are exploited, it threatens liquidity in every chain affected. He added that as the number of token bridges increases, the threat of a 51% attack on one chain could pose a greater risk of infection to others.
Since his prediction, the Metra Token Bridge, Axie Inifinity Ronin Bridge, and Wormhole Bridge have each been used to a total of nearly $1 billion.
Multi-signatures are a persistent security issue in attacks. The Ronin bridge was secured by nine validators, only five of which were needed to validate a transaction. The attacker gained control of the required five validators and withdrew assets worth over $600 million.
Chainalysis Launches Reporting Service for Companies Affected by Cryptocurrency-Related Cyberattacks
It seems that the market has not yet reacted to the attack, as the prices of all the coins and tokens in question have not changed significantly. However, ONE has fallen 7.4% in the last 24 hours, with most of the fall occurring in the last 5 hours. It is trading at $0.024. according at CoinGecko.
Credit : cointelegraph.com