$100M stolen from Harmony’s Horizon Bridge hack

A $100 million worth of altcoins have been stolen through the Horizon Bridge to the Harmony layer-1 blockchain and exchanged for Ether (ETH).

The hack might prove the community’s earlier worries about the reliability of the two of four Multisig that safeguard the bridge to be non-existent.

11 transactions were conducted from the bridge for different tokens between 7:08 and 7:26 ET. Since then, they have started transferring tokens to an alternative wallet to exchange them for ETH on the Uniswap decentralized exchange (DEX), then transferring the ETH back to the original wallet.

Frax, Wrapped Ether, Sushi, AAG, Aave, Frax Share, Binance USD, Dai, Tether, Wrapped BTC, and USD Coin were exploited off the bridge.

Hacked transactions
Hacked transactions. Source: etherscan

Measures taken after the hack

Token transfers among the Ethereum network, Binance Chain, and Bitcoin are made possible by the Horizon Bridge. The bridge has been stopped, as per Harmony, the bridge’s operator, who made the announcement late on June 23. The BTC bridge and its assets, according to the statement, were unaffected by the attack.

The Harmony team added that it collaborated with “national authorities and forensic experts” to identify the culprit. There will undoubtedly be a postmortem.

“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”

Layer-1 blockchain Harmony uses proof-of-stake consensus. ONE is its native token.

 

Previous warnings about the vulnerability of Harmony’s Horizons Bridge

The reliability of Horizon’s multi-sig wallet on Ethereum, which only required two of the four signers to take out the cash, has previously been questioned. The low number of signers could leave the bridge exposed for “another 9-figure hack,” said Chainstride Capital CEO Ape Dev on Twitter on April 2.

Given that the bridge’s assets are currently down by $100 million, Ape Dev’s prediction seems to have come true.

He is not the only cryptocurrency engineer concerned about token bridges’ safety.

In a Reddit post this past January, Vitalik Buterin outlined the problems with token bridges. According to his theory, when bridges are misused, the liquidity of each impacted chain is put in jeopardy. He continued that the prospect of a 51 percent attack on one chain could pose a bigger risk of spreading to other chains as the number of token bridges rises.

Since he made his prediction, the Wormhole Bridge, Ronin Bridge, and Meter’s Token Bridge have all been used for approximately $1 billion.

 

Previous attacks on Multisig models

Attacks continue to pose a security risk due to multisignature. Only five of the nine validators on the Ronin Bridge were necessary to confirm a transaction. Over $600 million in assets were taken by the attacker when he gained control of the necessary five validators.

The prices of all the affected coins and tokens have not changed significantly, suggesting that the market has not yet reacted to the attack. However, over the previous 24 hours, ONE has decreased 10 %, with most of the decline occurring in the last 5 hours. As per CoinGecko, it is currently trading at $0.024.

spot_img