Harmony Hacked: Theft on the Horizon Bridge Amounts to $100M

Harmony Hacked

    • Harmony announced that it has identified a theft this morning on the Horizon bridge.
    • The hack on the bridge has presumably led to a loss of $100 million.
    • The team has started working with national authorities and specialists to identify the culprit.

Harmony has announced that it has identified a theft this morning on the Horizon bridge amounting to approximately $100 million. The team claims to have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.

The Horizon Bridge enables token transfers between Harmony and the Ethereum network, Binance Chain, and Bitcoin. Harmony is a layer-1 blockchain that uses proof-of-stake consensus and is the operator of the bridge.

Reportedly, the hacking began at about 7:08 am and went on till  7:26 am (ET) this morning. A total of 11 transactions were made from the bridge for various tokens during this period. According to the most recent updates, the hackers have also started sending tokens to a different wallet to swap for ETH on Uniswap, then sending the ETH back to the original wallet.

Interestingly, a Twitter user that goes by the Twitter handle @_apedev had predicted the exploit earlier in April this year. “So all in all, if two of the four multisig signers are compromised, we’re going to see another 9 figure hack. Considering all that’s been going on lately, it’d be interesting to hear some details from harmony protocol on how these EOAs are secured,” said the user. Ape Dev is the founder of crypto-focused venture fund Chainstride Capital.

Similarly, Vitalik Buterin, the man Time described as the ‘Prince of Crypto’, outlined critical security concerns pertaining to cross-chain bridges in the blockchain space in a Reddit post back in January.

Moreover, considering that over the past few months, Meter’s token bridge, Ronin Bridge, and Wormhole Bridge were all targets of hacks, there appears to be the need for better safety protocols. Multisigs, from the looks of it, seem to have inherent security concerns.