Hackers looted about $100 million from Harmony’s HARMONYONE Horizon bridge, the latest cross-chain protocol to be hacked in crypto ecosystem, suffering a loss that represents two-thirds of its total capital.
Blockchain Harmony said in a tweet that the hack of its Horizon bridge, which lets people swap coins between different blockchains, took place Thursday morning. It has “begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
The post noted that the hacker stole a mix of blockchain tokens ether and BNB, stablecoins UDST, USDC, and dai, and DeFi tokens AAVE and SUSHI .
In response to the hack, the team paused the Horizon bridge to prevent further transactions. Harmony has also notified exchanges about the incident in an effort to block transfer of the ill-gotten gains. “The team is all hands on deck as investigations continue,” they tweeted.
This hack appears to be largely a result of a vulnerability within Horizon’s highly centralized security structure. Although the platform uses a “multisig” wallet to conduct transfers, meaning multiple parties need to sign off on a transaction, Horizon’s wallet only required two of the four signers to authorize a transaction. It also means that only two accounts would need to be compromised to steal the money.
Even before the hack, some were weary of Harmony’s bridge security as far back as April, pointing out the small number of owners within the consensus process. Founder of Chainstride Capital crypto-focused venture fund Ape Dev warned that if two of the four signers were compromised, the bridge could see “another 9 figure hack.”
Discover more from DiutoCoinNews
Subscribe to get the latest posts sent to your email.