Harmony Protocol’s Horizon bridge exploited, $100M stolen
The Layer 1 blockchain network Harmony Protocol (ONE) said on June 24 that hackers abused the bridge on the horizon, stealing approximately $ 100 million worth of tokens on the bridge.
1 / The Harmony team confirmed the theft that occurred at the Horizon Bridge this morning. 100 million dollars. We have begun working with national authorities and forensic experts to identify the perpetrators and recover the stolen funds.
More 🧵
— Harmony 💙 (@harmonyprotocol) June 23, 2022
This attack is one of the biggest attacks in the last few weeks. Harmony said he has begun “working with national authorities and forensic experts to identify the perpetrators and recover the stolen funds.”
The team added that the exploit did not affect the unreliable Bitcoin (BTC) bridge and the assets stored in the decentralized vault remain secure.
The Horizon Bridge connects the Harmony protocol to other networks such as Ethereum and Binance Smart Chain, allowing cryptocurrencies, stablecoins and NFTs to be transferred between the Harmony blockchain and the network.
Harmony has been warned about the vulnerability
April, blockchain developer and researcher Ape Dev warning About weak security of harmony. They predicted that a malicious party could exploit it in an attack that could result in losses of up to $ 330 million.
Bridge security is currently based on a multisig wallet deployed on 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6. There are four owners, two of whom must agree to perform any transaction (that is, run out of $ 330 million). pic.twitter.com/sgYmyPrYgf
— Ape Dev (@_apedev) April 1, 2022
according to Information available, The attacker moved funds in 12 transactions using 3 attack addresses. As a result, you can transfer funds to tokens such as ETH, WBTC, USDT, AAVE, WETH, FXS, SUSHI, FRAX, DAI, BUSD, AAG.
The attacker gained control of the MultiSig Wallet and was able to see a transaction that directly transferred the stolen funds.
The Harmony Protocol’s Horizon Bridge was hacked and $ 100 million was leaked early today.
The bridge was basically two of the five multisig. If the two addresses instructed someone to transfer the funds, it was done.
Hackers compromised two addresses and wasted money. 🧵👇 pic.twitter.com/hv1JWDy9WQ
— Mudit Gupta (@Mudit__Gupta) June 24, 2022
The identity of the hacker remains unknown, but the fact that the harmony team was able to prevent the attack raises questions about security between the crypto communities.
Most of the stolen tokens were still among the attackers wallet As of the press. However, attackers have begun to convert stolen funds into ETH via Uniswap.
The @harmonyprotocol Bridge exploit 0x0d04… ed00 stole 11 different erc-20 tokens and 13,100 Ether from the bridge.
Then I transferred the other erc-20 tokens to the other two wallets, swapped them to eth via Uniswap and other dex, and finally back to 0x0d04… ed00. pic.twitter.com/HY5JepVrPu
— MistTrack (@MistTrack_io) June 24, 2022