Increasing multi-chain or cross-chain technology seems to remain in the focus of hackers. Users continue to want to interact with other blockchains by building bridges to different ecosystems. Ethereum co-founder Vitalik Buterin has frequently raised his concerns about the issue.
While Vitalik Buterin has shown that the main reason for not approving such bridges is the ‘basic safety margins of bridges’, the latest incident by Harmony has brought these risks and concerns back to safety.
Koinfinans.com As we reported, the Harmony blockchain network has become yet another cross-chain bridge feature abused sock blockchain. Horizon, its cross-chain bridge to Ethereum, stole nearly $100 million worth of assets in ETH. The team warned users on Twitter on June 24:
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
more 🧵
— Harmony 💙 (@harmonyprotocol) June 23, 2022
The address in question holds 85,837,251 ETH, and this asset has an average value of $100 million. The address, which came to the fore with allegations, made 11 transactions on the bridge for various tokens. He also used these tokens to trade the Uniswap exchange for ETH and sent the assets back to the original address.
Horizon Bridge facilitates token transfers between Harmony, the Ethereum network, Binance Chain and Bitcoin. The operator of the Harmony bridge stopped the bridge to avoid further damage. It was also stated that the BTC bridge and its assets were not affected by the attack. The team also annotated that its “funds and assets stored in decentralized vaults are currently safe.”
Harmony team collaborated with “national authorities and forensic experts” to investigate the situation.
“We have informed the exchanges of the said attack and have stopped the Horizon bridge to avoid further damage. The investigation is ongoing and our team is investigating the matter deeply. As more details come in, we will pass them on to you without wasting any time.”
The native token ONE of the Harmony ecosystem had lost 10% in the last 24 hours and then witnessed this attack.
Can Stolen Coins Be Recovered?
Metaverse software company AAG Ventures was hit hardest by the attack. It suffered an average of $84 million in losses. AAG announced that they were able to freeze $78 million of the $84 million they lost.
Mudit Gupta, a security researcher and Polygon CISO, revealed that Horizon Bridge uses a multi-signature mechanism to reach consensus. If any 2 out of 5 signatures agreed on a transaction, it would pass. The abuser apparently compromised 2 signatures and was able to drain $100 million.
Mudi also stated that the exploit has nothing to do with any security flaws in Horizon Bridge or any other blockchain security-related issue. In fact, hacking is a risk that can happen on servers running two wallets responsible for verifying any transaction.
The attack is very similar to the $600 million attack on the Ronin Bridge.
AAG had partnered with Lossless DeFi and was using mitigation tools to protect its funds. As a result, Looseless announced that it was able to freeze approximately $78 million of the $84 million lost by AAG in the attack.
Fortunately, AAG had just launched the Harmony protocol the day before Lossless and had the tools to intervene.
You can follow the current price action here.
Disclaimer: What is written here is not investment advice. Cryptocurrency investments are high-risk investments. Every investment decision is under the individual’s own responsibility. Finally, Koinfinans and the author of this content cannot be held responsible for personal investment decisions.