On the 24th of June, the Horizon bridge connecting Harmony – a Layer-1 PoS blockchain built for native token ONE – to the Ethereum and Binance Chain ecosystem was hacked, leading to a loss of approximately $100 million in ETH. The exploit was announced on Twitter by the Harmony team, who stated that they are hunting for the culprit.
The Latest in a Series of Vulnerabilities
1/ Echipa Harmony a identificat un furt survenit în această dimineață pe podul Horizon în valoare de cca. 100 de milioane de dolari. Am început să lucrăm cu autoritățile naționale și cu specialiști criminaliști pentru a identifica vinovatul și a recupera fondurile furate.
Mai Mult ?
— Armonia? (@harmonyprotocol) 23 Iunie, 2022
The bridge has since been shut down to prevent further losses. Harmony devs have also clarified that the BTC bridge is unaffected.
The attack appears to have taken place over the span of 17 hours, pornire with a transaction worth a whopping 4,919 ETH, followed by several smaller transactions ranging from 911 to 0.0003 ETH. The last one took place after the bridge had been shut down.
The hack is the latest in a series of exploits affecting the crypto space, such as the Axie Infinity drain, Solana Wormhole, or, more recently, the (misplaced) Optimism fiasco. Another recent vulnerability, the Demonic exploit, which affected multiple crypto wallets, was peticit before any damage could be done.
Exchanges have reportedly been aduce la cunoștință, as well as “national authorities and forensic specialists.” Unfortunately for Harmony, the former may not be of much help in the event the identity of the hacker is discovered, depending on the jurisdiction that the hacker may be located in.
„De asemenea, am notificat schimburile și am oprit podul Horizon pentru a preveni tranzacțiile ulterioare. Echipa este toată pe punte pe măsură ce investigațiile continuă. Vom ține pe toată lumea la curent pe măsură ce investigăm acest lucru în continuare și vom obține mai multe informații.”
Prior Warning Issued By Independent Researchers
Curiously, a warning was eliberat by an independent researcher and blockchain dev Ape Dev back on the 2nd of April. In a series of tweets, Ape Dev called attention to the fact that the security of the Harmony Bridge was built around a multi-sig wallet with only four owners. He predicted that this could be used to execute a very simple attack by getting 2 of the owners to sign off on transfers worth up to $330million.
His sleuthing talents have since been recognized by Brendan Eich, the CEO and co-founder of Brave.
— Ape Dev (@_apedev) 24 Iunie, 2022
Whether the Harmony attacker got the idea from Ape Dev’s indication or reached the same conclusion independently is unclear. In either case, however, the warning came nearly three months before the unfortunate event, which should have given Harmony devs enough time to secure their systems.
With cyberattacks becoming more and more prevalent in the crypto space, the security standards of various blockchain-based platforms will likely be scrutinized by third parties with increasing regularity – and rightfully so.
Binance gratuit 100 USD (exclusiv): Utilizați acest link pentru a vă înregistra și a primi 100 USD gratuit și 10% reducere la taxe la Binance Futures prima lună (termeni).
Ofertă specială PrimeXBT: Utilizați acest link pentru a vă înregistra și introduce codul POTATO50 pentru a primi până la 7,000 USD din depozitele dvs.
Source: https://cryptopotato.com/harmony-bridge-hacked-100-million-worth-of-ethereum-lost/