{"id":30829,"date":"2022-06-24T05:16:20","date_gmt":"2022-06-24T09:16:20","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=30829"},"modified":"2022-06-24T07:41:43","modified_gmt":"2022-06-24T11:41:43","slug":"hackers-steal-100m-from-harmonys-horizon-bridge","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/hackers-steal-100m-from-harmonys-horizon-bridge\/","title":{"rendered":"Hackers steal $100M from Harmony’s Horizon Bridge"},"content":{"rendered":"\n
A $100 million worth of altcoins have been obtained through Harmony's Horizon Bridge and are being exchanged for ether (ETH).<\/h5>\n\n\n\n
\"Hackers
Hackers steal $100M from Harmony's Horizon bridge<\/figcaption><\/figure>\n\n\n\n

The hack might prove the community's earlier worries about the reliability of the two of four multisig that purportedly safeguard the bridge to be unfounded.<\/p>\n\n\n\n

There were 11 transactions conducted from the bridge for different tokens<\/a> between 7:08 and 7:26 ET. Since then, they have started transferring tokens to an alternative wallet in order to exchange them for ETH on the Uniswap decentralized exchange (DEX), then transferring the ETH back to the original wallet.<\/p>\n\n\n\n

Frax (FRAX), Wrapped Ether, and so far (WETH). Sushi (SUSHI), AAG (AAG), Aave (AAVE), Frax Share (FXS), and Binance USD (BUSD). Through this vulnerability, Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC) have all been taken off the bridge.<\/p>\n\n\n\n

Token transfers between Harmony and the Ethereum network, Binance Chain, and Bitcoin are made possible by the Horizon Bridge. The bridge has been stopped, according to Harmony\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a>, the bridge's operator, who made the announcement late on June 23. The BTC bridge and its assets, according to the statement, were unaffected by the attack.<\/p>\n\n\n\n

The Harmony team added that it was collaborating with “national authorities and forensic experts” to identify the culprit. There will undoubtedly be a postmortem.<\/p>\n\n\n\n

Requests for a response from Harmony's developers and co-founder Nick White went unanswered. Layer-1 blockchain Harmony<\/a> uses proof-of-stake consensus. One is its native token.<\/p>\n\n\n\n

The reliability of Horizon's multisig wallet on Ethereum, which only required two of the four signers to drain the cash, has previously been questioned. The low number of required signers would leave the bridge exposed for “another 9-figure hack,” said Chainstride Capital CEO Ape Dev on Twitter on April 2.<\/p>\n\n\n\n

\n

1\/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.

More \ud83e\uddf5<\/p>— Harmony \ud83d\udc99 (@harmonyprotocol) June 23, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

Given that the bridge's assets are currently down by $100 million, Ape Dev's prediction seems to have come true.<\/p>\n\n\n\n

He is not the only cryptocurrency engineer who has concerns about the safety of token bridges.<\/p>\n\n\n\n

In a Reddit post this past January, Vitalik Buterin outlined the problems with token bridges. According to his theory, when bridges are misused, the liquidity of each chain that is impacted is put in jeopardy. The prospect of a 51 percent attack on one chain could pose a bigger risk of spreading to other chains as the number of token bridges rises, he continued.<\/p>\n\n\n\n

Since he made his prediction, the Wormhole Bridge, Ronin Bridge, and Meter's Token Bridge have all been used for approximately $1 billion in total.<\/p>\n\n\n\n

\n

The security of the bridge is currently predicated on a multisig wallet deployed at 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6. It has four owners, two of which are required to consent in order to execute an arbitrary transaction (i.e. drain the $330m). pic.twitter.com\/sgYmyPrYgf<\/use><\/svg><\/span><\/a><\/p>— Ape Dev (@_apedev) April 1, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

Attacks continue to pose a security risk due to multisignature. Only five of the nine validators on the Ronin Bridge were necessary to confirm a transaction. Over $600 million in assets were taken by the attacker when he gained control of the necessary five validators.<\/p>\n\n\n\n

The prices of all the affected coins and tokens have not changed significantly, suggesting that the market has not yet reacted to the attack. However, over the previous 24 hours, ONE has decreased by 7.4%, with the most of the decline occurring in the last 5 hours. According to CoinGecko, it is currently trading at $0.024.<\/p>\n","protected":false},"excerpt":{"rendered":"

A $100 million worth of altcoins have been obtained through Harmony’s Horizon Bridge and are being exchanged for ether (ETH). The hack might prove the community’s earlier worries about the reliability of the two of four multisig that purportedly safeguard the bridge to be unfounded. There were 11 transactions conducted from the bridge for different […]<\/p>\n","protected":false},"author":38,"featured_media":30852,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[10768],"class_list":["post-30829","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-horizon-bridge"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/06\/Hackers-steals-100M-from-Harmonys-Horizon-bridge.jpeg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/30829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/38"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=30829"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/30829\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/30852"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=30829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=30829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=30829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}