Hacker steals about $100 million in Harmony’s Horizon cross-chain bridge attack
Harmony reports Horizon bridge attack with about $100 million stolen.
The Harmony team said a cross-chain bridge attack on Horizon resulted in losses of about $100 million.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More 🧵
— Harmony 💙 (@harmonyprotocol) June 23, 2022
An unknown actor moved the tokens in several transactions, then sent them to another wallet and swapped them on the Uniswap decentralized exchange.
Horizon is a cross-chain bridge between the Harmony blockchain and the Bitcoin, Ethereum, and BNB Chain networks.
Representatives from Harmony suspended Horizon. They also said they had begun an investigation alongside law enforcement, including the FBI, and notified cryptocurrency exchanges about the situation.
4/ We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands on deck as investigations continue.
We will keep everyone up-to-date as we investigate this further and obtain more information.
— Harmony 💙 (@harmonyprotocol) June 23, 2022
The team said the incident did not affect the trustless Bitcoin bridge — all funds remain safe in decentralized storage.
Certik analysts said the attacker somehow gained control of the multisig wallet. This allowed him to move a large number of tokens from the bridge to Harmony.
“Our expert analysis identified 12 transactions and 3 addresses of attack. During the operations the hacker obtained various tokens, including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH and FRAX,” the study states.
In the wake of the hack, the Harmony (ONE) token fell 9.4% in 24 hours. At the time of writing its price was around $0.024, according to Coingecko.
In February, hackers drained from the Solana-based Wormhole cross-chain bridge more than $319 million, and also stole from the DeFi company Meter about $4.3 million in Bitcoin and Ethereum.
In March, during the attack on the Ronin sidechain, the attacker stole crypto assets worth about $625 million.
Ethereum founder Vitalik Buterin previously said he is pessimistic about cross-chain bridges. In his view, the latest are vulnerable to 51% attacks.
According to Immunefi, just in the first quarter of 2022 crypto projects lost more than $1.22 billion due to hackers and scammers.
Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analysis.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!