The root cause of the massive hack that stole $100 million from Harmony last Wednesday may have been discovered.
Harmony suffers a $100 million hack
Last Wednesday, Harmony, a layer 1 blockchain company launched in 2019 by Stephen Tse, suffered a $100 million theft due to a hack.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More
- Harmony (@harmonyprotocol) June 23, 2022
Harmony is aiming to solve the persistent "Blockchain Trilemma" by balancing scalability with security and decentralization.
In a tweet, the company disclosed the attack and said it is working with the FBI, relevant authorities, and cyber security companies to try to recover the stolen funds.
The following day, Polygon’s chief information security officer, Mudit Gupta, said the hacker had apparently been able to compromise the 2-of-5 multi-signature scheme on which the Harmony blockchain bridge is based.
Gupta explained:
“The hacker compromised 2 addresses and made them drain the money. The two addresses were likely hot wallets used to listen for and process legit bridging transactions”.
How do bridges that enable cross-chain asset transfer work?
Blockchain bridges like Harmony have taken on an important role for decentralized finance, since they give users the ability to transfer their assets from one blockchain to another. In the specific case of Horizon, users can send tokens from the Ethereum network to Binance Smart Chain.
Bridges are now a very tempting target for hackers because of the vulnerabilities in their underlying code and the large amount of liquidity they need to store.
The founder of the Harmony protocol wrote in a report on the affair that:
“The team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge — Funds were stolen from the Ethereum side of the bridge. Confidentiality is key to maintain integrity as part of this ongoing investigation — The omission of specific details is to protect sensitive data in the interest of our community”.
In a subsequent tweet, the company offered a $1 million reward to anyone who provided information that would be helpful in recovering the amounts stolen by the hackers.
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.
Contact us at [email protected] or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
- Harmony (@harmonyprotocol) June 26, 2022
Harmony, which was launched through Binance Launchpad via an Initial Exchange Offering (IEO), grossed 23 million in May 2019; three years after launch it has a total market capitalization of about $1.5 billion. Harmony’s native token is called ONE and is used for transaction fees, staking, and governance, allowing holders to participate in decisions about the future of the network.
Source: https://en.cryptonomist.ch/2022/06/27/100-million-hack-harmony/