Harmony’s Horizon Bridge Hacked Resulting in a $100M Loss
Hackers used the Horizon Bridge to swap $100 million worth of altcoins for Ether, which is being stored on the blockchain of the Harmony layer-1 platform. In a statement, the company said it had identified a theft on the Horizon Bridge.
Vulnerabilities Continue to Mount
The affected assets included various cryptocurrencies such as Bitcoin, Ethereum, and altcoins, totaling $100 million. At the time of writing, they had deposited almost 85,867 Ether to the hacker’s address.
The bridge has been temporarily closed to prevent further losses. Developers of the project have also noted that this issue does not affect the BTC bridge.
It’s believed that the attack occurred over 17 hours—the first transaction, 4,919 ETH, followed by several smaller transactions ranging from 911 to 0.0003 ETH. Following the closing of the bridge, this last transaction took place.
This exploit is the latest in a series of attacks that have affected the crypto space. Some of these include the Axie Infinity drain and the Solana Wormhole exploit. Hackers also patched a vulnerability known as the Demonic attack before it could cause any damage.
Due to the nature of the attack, various exchanges have been notified, and forensic specialists have been dispatched to assist in identifying the attacker. However, finding the attacker’s identity can be very challenging, depending on where he is located.
Harmony states:
“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”
Warning Given in Advance
Concerns have been raised about the soundness of Horizon’s multisig wallet on Ethereum. It only required two out of its four signees to transfer the funds. A founder of a cryptocurrency-focused venture capital firm, Chainstride Capital, noted on Twitter that the low number of signers for the bridge would allow for another 9-figure hack.
The bridge’s assets have dropped by $100 million following a prediction by developer Ape Dev. He is not the only one concerned about the security of cryptocurrencies. In January, Vitalik Buterin, a prominent developer, discussed the issue of token bridges in a Reddit post.
He noted that the exploitation of bridges could threaten the liquidity of the various chains. As the number of bridges continues to increase, he warned that the potential for 51% attacks on one chain could increase.
Since his prediction, the Token Bridge, Axie Inifinity’s Ronin Bridge, and the Wormhole Bridge have been successfully exploited for over $1 billion.
Due to the nature of multisigs, it is considered a security issue that hackers can exploit in attacks. In the case of the Ronin Bridge, only five of its nine signers were required to validate a transaction. The attacker was able to steal over $600 million in assets.
It is not clear if the attacker got the idea from Dev or if he was able to reach the same conclusion independently. However, given the warning several months before the attack, the developers of the Harmony platform should have had time to secure their systems.
Due to the increasing number of cyberattacks on cryptocurrencies, third-party scrutiny of the security standards of blockchain-based platforms is likely to become more frequent.
ONE’s Price Reaction
The market has not reacted to the attack on the cryptocurrency market. Although the prices of various cryptocurrencies and tokens have not moved significantly, the market is still waiting for a response.
ONE has dropped by around 7.4% in the past 24 hours. It is currently trading at $0.024. It has lost 93.7% of its value since its all-time high of around $0.379 on October 19.