As if crypto markets and the overall ecosystem were not in a bad place already, things have just got much worse for Harmony Protocol.
Harmony posted that it “identified a theft” occurring on the Horizon bridge. The exploit was to the tune of around $100 million in various crypto assets which were sent to the hacker’s Ethereum address.
At the time of writing, 85,867 sat in this address worth an estimated $99.3 million.
A few hours after the exploit, Harmony tweeted that it was “working around the clock as we continue our investigation alongside the FBI and multiple cyber security firms.”
At the time, it stated that it did not impact the trustless BTC bridge as funds and assets stored on decentralized vaults were safe.
Another bridge attack
This latest attack follows the Ronin bridge exploit in March, the crypto industry’s largest resulting in the loss of more than $600 million. A month earlier, hackers pilfered more than $300 million from the Wormhole bridge.
Harmony is a highly scalable, proof-of-stake, Layer-1 blockchain. Binance partnered with Harmony for an Initial Exchange Offering (IEO) in May 2019.
The Horizon bridge is the gateway between Harmony and other networks such as Ethereum, Bitcoin, and Binance Chain.
Concerns were raised about the Horizon bridge by Chainstride Capital founder “@_apedev” in April. He did some digging to reveal that the security was governed by a multisig wallet with four owners. Only two were required to execute an arbitrary transaction he observed, stating at the time:
“So all in all, if two of the four multisig signers are compromised, we’re going to see another nine figure hack.”
Multisigs for bridges…
