A $100 million worth of altcoins have been stolen through the Horizon Bridge to the Harmony layer-1 blockchain and exchanged for Ether (ETH).
The hack might prove the community’s earlier worries about the reliability of the two of four Multisig that safeguard the bridge to be non-existent.
11 transactions were conducted from the bridge for different tokens between 7:08 and 7:26 ET. Since then, they have started transferring tokens to an alternative wallet to exchange them for ETH on the Uniswap decentralized exchange (DEX), then transferring the ETH back to the original wallet.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More 🧵
— Harmony 💙 (@harmonyprotocol) June 23, 2022
Frax, Wrapped Ether, Sushi, AAG, Aave, Frax Share, Binance USD, Dai, Tether, Wrapped BTC, and USD Coin were exploited off the bridge.
Measures taken after the hack
Token transfers among the Ethereum network, Binance Chain, and Bitcoin are made possible by the Horizon Bridge. The bridge has been stopped, as per Harmony, the bridge’s operator, who made the announcement late on June 23. The BTC bridge and its assets, according to the statement, were unaffected by the attack.
The Harmony team added that it collaborated with “national authorities and forensic experts” to identify the culprit. There will undoubtedly be a postmortem.
“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”
Layer-1 blockchain Harmony uses proof-of-stake consensus. ONE is its native token.
Previous warnings about the vulnerability of Harmony’s Horizons Bridge
The reliability of Horizon’s multi-sig wallet on Ethereum, which only required two of the four signers to take out the cash, has previously been questioned. The low number of signers could leave the bridge exposed for “another 9-figure hack,” said Chainstride Capital CEO Ape Dev on Twitter on April 2.
The security of the bridge is currently predicated on a multisig wallet deployed at 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6. It has four owners, two of which are required to consent in order to execute an arbitrary transaction (i.e. drain the $330m). pic.twitter.com/sgYmyPrYgf
— Ape Dev (@_apedev) April 1, 2022
Given that the bridge’s assets are currently down by $100 million, Ape Dev’s prediction seems to have come true.
He is not the only cryptocurrency engineer concerned about token bridges’ safety.
In a Reddit post this past January, Vitalik Buterin outlined the problems with token bridges. According to his theory, when bridges are misused, the liquidity of each impacted chain is put in jeopardy. He continued that the prospect of a 51 percent attack on one chain could pose a bigger risk of spreading to other chains as the number of token bridges rises.
Since he made his prediction, the Wormhole Bridge, Ronin Bridge, and Meter’s Token Bridge have all been used for approximately $1 billion.
Previous attacks on Multisig models
Attacks continue to pose a security risk due to multisignature. Only five of the nine validators on the Ronin Bridge were necessary to confirm a transaction. Over $600 million in assets were taken by the attacker when he gained control of the necessary five validators.
The prices of all the affected coins and tokens have not changed significantly, suggesting that the market has not yet reacted to the attack. However, over the previous 24 hours, ONE has decreased 10 %, with most of the decline occurring in the last 5 hours. As per CoinGecko, it is currently trading at $0.024.
