On June 24, the Horizon bridge connecting Harmony — a level 1 PoS blockchain built for the native ONE token — with the Ethereum and Binance Chain ecosystem was hacked, resulting in the loss of approximately $100 million in ETH. The exploit was reported on Twitter by the Harmony team, who said they were hunting for the culprit.
Latest in a series of vulnerabilities
1/ The Harmony team discovered a theft that took place this morning on the Horizon Bridge, amounting to approx. 100 million dollars. We have begun working with national authorities and forensic experts to identify the culprit and recover the stolen funds.
— Harmony 💙 (@harmonyprotocol) June 23, 2022
The bridge has since been closed to prevent further losses. Harmony developers have also clarified that the BTC bridge will not be affected.
Apparently, the attack took place within 17 hours. beginning with a transaction for a whopping 4919 ETH followed by several smaller transactions ranging from 911 to 0.0003 ETH. The latter happened after the closing of the bridge.
The hack is the latest in a series of exploits affecting the crypto space, such as the Axie Infinity leak, the Solana Wormhole or, more recently, the (inappropriate) Optimism fiasco. Another recent vulnerability, the Demonic exploit that affected several crypto wallets, was patched before any damage could be done.
It is reported that the exchanges were notified, as well as “national authorities and forensic experts”. Unfortunately for Harmony, the former may not be of much help in the event that the hacker’s identity is exposed, depending on the jurisdiction the hacker may be in.
“We have also notified the exchanges and stopped the Horizon Bridge to prevent further transactions. The team is fully occupied with the investigation. We will keep everyone updated as we investigate further and learn more.”
Preliminary warning issued by independent researchers
Curious what was the warning published by independent blockchain researcher and developer Ape Dev back on April 2nd. In a series of tweets, Ape Dev drew attention to the fact that the security of Harmony Bridge was built around a multisig wallet owned by just four people. He predicted that this could be used to mount a very simple attack, forcing two owners to sign transfers of up to $330 million.
Since then, his talent as a detective has been recognized by Brendan Eich, CEO and co-founder of Brave.
— Monkey Dev (@_apedev) June 24, 2022
It’s not clear if the Harmony attacker got this idea from Ape Dev’s instruction or came to the same conclusion on their own. However, in any case, the warning came almost three months before the unfortunate event, which should have given the Harmony developers enough time to ensure the security of their systems.
As cyberattacks become more and more prevalent in the crypto space, the security standards of various blockchain-based platforms are likely to come under more and more scrutiny from third parties – and rightly so.
Binance Free $100 (Exclusive): Sign up and get $100 free and 10% off Binance Futures fees for the first month. (terms).
sign up and enter the code POTATO50 to get up to $7,000 on your deposits.
Credit : cryptopotato.com