Hackers have stolen $100 million from Harmony’s Horizon Bridge, enabling users to move their cryptocurrency assets from one blockchain to another by taking advantage of a flaw.
The Horizon bridge, which allows users to transfer cryptocurrency between Ethereum, Binance Smart Chain, and Harmony, was breached, according to the Harmony ONE (1) team, on the morning of June 24.
Harmony explained that the Horizon bridge had been shut down to block additional transactions. The bridge for bitcoin on Harmony was unaffected.
A “malicious attack” on Harmony’s proprietary Horizon blockchain bridge was discovered on Thursday, the American cryptocurrency start-up that created Horizon reported in a blog post on Friday.
Cross-chain bridges, sometimes called blockchain bridges, allow users to transmit assets from one chain to another while facilitating communication across various blockchains. Users can transfer assets between the Ethereum, Binance Smart Chain, and Harmony blockchains using Harmony’s Horizon bridge, including tokens, stablecoins, and NFTs.
Nearly $100 million in cryptocurrencies were stolen from Harmony’s blockchain bridge, according to the business, which identified the attacker in a tweet.
According to Harmony’s blog post, the FBI, several cybersecurity partners, exchange partners, and others were contacted immediately after the assault and asked to help with an investigation aimed at locating the perpetrator and recovering stolen property. The blog post stated,
“Further, the team has attempted communication with the hacker by embedding a note in a transaction to the culprit’s address.”
“This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space and how much of our work remains ahead of us,” the blog post said. “Ongoing investigations present a challenge of what information is allowed to be shared with the public, but we will continue to provide updates with the latest information as soon as we can share.” Says Harmony in its blog
Elliptic, a blockchain analytics company, claims that crypto assets worth $99.7 million were stolen from the Ethereum and Binance Smart Chain blockchains. According to Elliptic, the stolen assets include several Stablecoins created to maintain a US dollar peg and the native tokens of the two blockchains.
Harmony has remained silent and did not specify how the money was taken. But as early as April, one investor going by the name of Ape Dev expressed doubts about the security of the Horizon bridge.
The researcher cautioned on Twitter that a multisignature wallet, often known as a “multi-sig,” that only needed two signatures to start transactions was crucial to the security of the Horizon bridge. For added security on transactions, multi-sig wallets demand the agreement of many participants.
Based on a note found within an Ethereum transaction readout, Elliptic claims that the Harmony team appears willing to speak with the entity responsible for the crime.
“The Harmony team is interested in communicating and negotiating. Please reach out at firstname.lastname@example.org to start a conversation. Communication can be anonymous.”