Breaking: Harmony's Horizon Bridge hacked for $100M

1 week ago 10

The layer-1 blockchain’s main span betwixt Ethereum, Binance Chain, and Bitcoin has been exploited for 9 figures, but says its BTC span has not been affected.

377 Total views

6 Total shares

 Harmony's Horizon Bridge hacked for $100M

The Horizon Bridge to the Harmony layer-1 blockchain has been exploited for $100 cardinal successful altcoins which are being swapped for Ether (ETH).

The hack whitethorn vindicate antecedently raised assemblage concerns astir the robustness of the 2 of 4 multisig that reportedly secures the bridge.

Starting astatine astir 7:08 americium until 7:26 americium ET, 11 transactions were made from the span for assorted tokens. They person since begun sending tokens to a different wallet to swap for ETH connected the Uniswap decentralized speech (DEX), past sending the ETH backmost to the archetypal wallet.

1/ The Harmony squad has identified a theft occurring this greeting connected the Horizon span amounting to approx. $100MM. We person begun moving with nationalist authorities and forensic specialists to place the culprit and retrieve the stolen funds.


— Harmony (@harmonyprotocol) June 23, 2022

So far, Frax (FRAX), Wrapped Ether (WETH). Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD). Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC) person been stolen from the span done this exploit.

The Horizon Bridge facilitates token transfers betwixt Harmony and the Ethereum network, Binance Chain and Bitcoin. Harmony, the relation of the bridge, announced precocious connected June 23 that the span has been halted. It said the BTC span and its assets person not been affected by the attack.

The Harmony squad besides said it was moving with “national authorities and forensic specialists” to find who is responsible. A post-mortem is definite to follow.

The developers and the co-founder of Harmony Nick White did not respond to requests for comment. Harmony is simply a layer-1 blockchain utilizing proof-of-stake consensus. Its autochthonal token is ONE.

Concerns person antecedently been expressed arsenic to the soundness of Horizon’s multisig wallet connected Ethereum which lone required 2 retired of the 4 signees to drain the funds. A laminitis of Chainstride Capital crypto-focused task money Ape Dev noted connected Twitter April 2 that the debased fig of required signers would permission the span unfastened for “another 9 fig hack.”

The information of the span is presently predicated connected a multisig wallet deployed astatine 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6. It has 4 owners, 2 of which are required to consent successful bid to execute an arbitrary transaction (i.e. drain the $330m).

— Ape Dev (@_apedev) April 1, 2022

Ape Dev’s prediction appears to person go a world arsenic the span is present down $100 cardinal successful assets.

He is acold from the lone developer successful crypto to person qualms with the information of token bridges.

Vitalik Buterin discussed the issues with token bridges successful a Reddit station this January. He posited that erstwhile bridges get exploited, it threatens the liquidity connected each concatenation affected. He added that arsenic the magnitude of token bridges increases, the menace of a 51% onslaught connected 1 concatenation could contiguous greater contagion hazard to others.

Since his prediction, Meter’s token bridge, Axie Inifinity’s Ronin Bridge and the Wormhole Bridge were each exploited for astir a combined $1 billion.

The nationalist authorities and forensic specialists should beryllium investigating *you* to fig retired what benignant of breached information practices allowed this "theft" to happen.

— Chris Blec (@ChrisBlec) June 24, 2022

Multisigs are an ongoing information contented successful attacks. The Ronin Bridge was secured by 9 validators, lone 5 of which were required to verify a transaction. The attacker took power of the required 5 validators and extracted implicit $600 cardinal successful assets.

Related: Chainalysis launches reporting work for businesses targeted successful crypto-related cyberattacks

The marketplace does not yet look to person responded to the onslaught arsenic prices of each the coins and tokens successful question person not made a important move. However, ONE has dropped 7.4% implicit the past 24 hours, with astir of the autumn coming successful the past 5 hours. It is trading astatine $0.024 according to CoinGecko.

Read Entire Article