theft of $100 million from Harmony

Unfortunately in the crypto world, it is rare to see a week without witnessing a smart breach of contract and bad news from a hacker. Over the weekend, 85,860 ETH was transferred from the bridge between Harmony (ONE) and Ethereum (ETH). This project tries everything for everything and offers pirates a bounty.

Yet another crypto hack

Just before the weekend, the Harmony team had announced some bad news for the crypto market: about $100 million in assets had been stolen, and most importantly, the suspension of one of the largest bridges in the industry. Indeed, there are companies that specialize in instant exchanges between different blockchains.

Exchanges like Binance and Coinbase use the services of these companies to provide instant conversions to their customers. Horizon explained on Friday, June 24, 2022: “The Harmony team identified a theft on the Horizon Bridge this morning involving approximately $100 million. We are working with national authorities and forensic specialists to identify the perpetrator and recover the stolen funds.”

This new hack in the cryptocurrency world is adding to distrust in the reliability of some of the technology infrastructure used in the ecosystem.

Technical gateways (“bridges”) exist to enable the circulation of cryptographic assets between the different blockchains. The attackers took advantage of Horizon, a Harmony-created bridge that allows assets to flow between the Ethereum blockchain and Binance Smart Chain.

Harmony Protocol was created in 2017 to facilitate the creation and use of decentralized applications. These peer-to-peer applications provide loans and other financial services without the need for traditional intermediaries or centralized players. These services are built on top of or next to other blockchains (sidechains) to enable faster transactions at a lower cost.

A $1 million bounty and a drop in the pirate’s promised lawsuits

According to The Block and according to Mudit Gupta, head of IT security at Polygon (MATIC), hackers have taken control of a very special wallet with multiple signatures. The latter is used to deploy the Harmony Bridge. The hacker would then modify the code of this protocol in order to steal the money.

Given the magnitude of the theft, Harmony’s team say they are ready to drop charges if the hackers want to return the money. If he regrets it, the team even announced a $1 million bounty for the hacker on the project’s official Twitter account: “We commit to pay a $1 million bounty for the return of funds from the Horizon Bridge and Operation Information Sharing [de faille]† (…) Harmony will advocate that no criminal charges be brought when the money is returned. †

According to blockchain data analytics firm Elliptic, the criminals stole several cryptocurrencies, including Ether, Tether and USD Coin, which had gathered on the Harmony Horizon Bridge, which they then exchanged for Ether. †

These bridges have become a prime target for pirates. According to Elliptic analyst Jess Symington, bridges retain “large liquidity reserves,” making them “attractive targets for hackers.”

In addition to Ronin, another popular bridge was hacked in February, stealing more than $320 million. More than $1 billion has been stolen from bridges since early 2022, according to Elliptic.

If the ONE blockchain team hopes Horizon Bridge’s loot returns, things may not go as smoothly as Optimism (OP). In this case, after a single hacker transferred 20 million OP tokens, the hacker returned 17 million OP while keeping a huge bonus.

Leave a Comment