A HACKER EXPLOITED A $100M FROM HARMONY’S HORIZON
Using the Harmony's Horizon bridge, for example, users can move assets - including tokens, stablecoins, and NFT - between Ethereum, Binance Smart Chain and Harmony blockchains.
Harmony said the attacker - a tweet-based company - stole close to $ 100 million in cryptocurrency from his blockchain bridge.
According to blockchain analytics company Elliptic, various crypto assets have been seized, including Ethereum, Binance Coin, Tether, USD Coin and Dai. Elliptic added that the stolen tokens have now been exchanged on Ethereum using a limited transaction - "a common strategy for these hacks," he said.
Harmony said in his blog post that immediately after the attack, several cybersecurity colleagues, exchanges and the FBI were reported and asked to assist in the investigation into identifying the victim and recovering the stolen property. "In addition, the team tried to contact the scam via a text message where the case address is being traded," read a blog post.
Harmony added by suspending the Horizon bridge to prevent further transactions. The Harmony bitcoin bridge was not affected.
"This incident is a humbling and sad reminder of how important our work is in the future of this space, and how much of our work lies ahead of us," the blog said. “Ongoing research poses a challenge to what information is allowed. to be shared with the public, but we will continue to provide updates as soon as we are able to share. ”
Harmony did not disclose how the funds were stolen and did not comment when contacted by TechCrunch.
However, another investor in the Ape Dev deal was concerned about the safety of its Horizon bridge back in April. The researcher warned on Twitter that the security of the Horizon bridge depends on multisignature - or "multisig" - a wallet that requires just two signatures to start a transaction. Multsig wallets require the approval of multiple companies to ensure greater security of transactions.
"So, if two of the four multisig signatories are in danger, we will see another nine-person robbery," Ape Dev, founder of crypto venture fund Chainstride Capital, wrote on April 1. "Considering everything that has happened. more recently, it will be interesting to hear more details from @ harmonyprotocol on how these [external managed accounts] are being protected. ”
The Harmony bridge robbery follows a series of notable attacks on other blockchain bridges. Ronin Network, an Ethereum-based sidechain for the popular Axie Infinity game, lost more than $ 600 million in March, attacking US officials who have since linked to a North Korean-backed gang. Similarly, the financial forum allocated to Wormhole lost approximately $ 325 million to hackers in February after misusing a security breach in its smart contract code.