Hacker steals $100M from Harmony’s Horizon Bridge
The primary bridge on the layer-1 blockchain connecting Ethereum, Binance Chain, and Bitcoin has reportedly been exploited for nine figures, but the bridge’s BTC bridge claims to be unaffected.
A total of $100 million in altcoins have been obtained and exchanged for ether (ETH) via the Horizon Bridge to the Harmony layer-1 blockchain.
The hack may justify previously stated community worries about the reliability of the two of four multisig that purportedly protect the bridge.
There were 11 transactions conducted from the bridge for multiple tokens between 7:08 and 7:26 ET. Since then, they have started transferring tokens to an alternative wallet in order to exchange them for ETH on the Uniswap decentralized exchange (DEX), then transferring the ETH back to the original wallet.
As of now, Frax (FRAX), Wrapped Ether (WETH), Sushi (SUSHI), AAG (AAG), Aave (AAVE), Frax Share (FXS), and Binance USD (BUSD). Through this hack, Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC) have all been taken off the bridge.
Token transfers between Harmony and the Ethereum network, Binance Chain, and Bitcoin are facilitated by the Horizon Bridge. The bridge’s operator, Harmony, stated late on June 23 that the bridge had been closed down. According to that statement, neither the BTC bridge nor its assets were impacted by the attack.
The Harmony team added that it was collaborating with “national authorities and forensic specialists” to identify the culprit. There will undoubtedly be a post-mortem.
Harmony is a layer-1 blockchain that uses proof-of-stake consensus. ONE is its native token.
It has already been questioned whether Horizon’s multisig wallet on Ethereum is reliable given that just two of the four signers were needed to drain the funds. Ape Dev, the founder of Chainstride Capital, a crypto-focused venture fund, stated on Twitter on April 2 that the low number of required signers would unlock the bridge for “another 9-figure hack.”
Given that the bridge’s assets are currently down by $100 million, Ape Dev’s prediction seems to have come true.
He is far from the only crypto developer who is concerned about the safety of token bridges.
In a Reddit post this past January, Vitalik Buterin addressed the problems with token bridges. He stated that when bridges are exploited, the liquidity of each chain that is impacted is endangered. He also stated that as the number of token bridges increases, the risk of a 51% attack on one chain could pose a bigger risk of contagion to others.
Meter’s token bridge, Axie Infinity’s Ronin Bridge, and the Wormhole Bridge have all been exploited for roughly a billion dollars since his prediction.
Attacks continue to provide a security concern with multisigs. Only five of the nine validators on the Ronin Bridge were necessary to validate a transaction.Over $600 million in assets were seized by the attacker when he gained control of the required five validators.
The prices of all the affected coins and tokens have not changed significantly, suggesting that the market has not yet reacted to the attack. But over the previous 24 hours, ONE has lost 7.4% of its value, with the majority of the loss occurring in the last 5 hours. According to the data, it is currently trading at $0.024.
