Layer-1 blockchain network Harmony Protocol (ONE) said on June 24 that a hacker exploited its Horizon bridge, and roughly $100 million worth of tokens on the bridge were stolen.
1/ The Harmony team has identified a theft that occurred this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More
— Harmony (@harmonyprotocol) June 23, 2022
The attack is one of the biggest in recent weeks. Harmony said it has started “working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
The team added that the exploit did not affect the trustless Bitcoin (BTC) Bridge, and assets stored in decentralized vaults remain safe.
The Horizon bridge connects the Harmony protocol with other networks such as Ethereum and Binance Smart Chain, allowing transfers of cryptocurrencies, stablecoins, and NFTs between the Harmony blockchain and those networks.
Harmony was warned of the vulnerability
In April, blockchain developer and researcher Ape Dev warned about Harmony’s weak security. They predicted that a malicious party could exploit it in an attack that could lead to losses of up to $330 million.
The security of the bridge is currently based on a multisig wallet deployed at 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6. It has four owners, of which two must consent in order to execute an arbitrary transaction (i.e. drain the $330 million). pic.twitter.com/sgYmyPrYgf
— Ape Dev (@_apedev) April 1, 2022
According to available information, the attacker moved the funds in 12 transactions using three attack addresses. As a result, they could move funds to tokens such as ETH, WBTC, USDT, AAVE, WETH, FXS, SUSHI, FRAX, DAI, BUSD, and AAG.
The attacker was able to gain control of the MultiSigWallet and confirmed the transactions to transfer the stolen funds directly.
Harmony Protocol’s Horizon bridge was hacked and $100 million were drained earlier today.
The bridge was essentially a 2 of 5 multisig. If any 2 addresses told it to transfer funds to someone, it did.
The hacker compromised 2 addresses and made them drain the money. pic.twitter.com/hv1JWDy9WQ
- Mudit Gupta (@Mudit__Gupta) June 24, 2022
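The threshold logic described above can be modelled in a few lines. This is an added example, not code from the article or from Harmony: the `MultiSig` class, the `audit` policy values (`min_required`, strict majority) and the owner labels are assumptions chosen for illustration, and the sample uses the two-of-four configuration from the April warning.

```python
from dataclasses import dataclass, field


@dataclass
class MultiSig:
    """M-of-N wallet model: a transfer executes once `required` distinct owners confirm."""
    owners: frozenset
    required: int
    confirmations: dict = field(default_factory=dict)  # tx_id -> set of confirming owners
    executed: set = field(default_factory=set)

    def __post_init__(self):
        if not 1 <= self.required <= len(self.owners):
            raise ValueError("required must be between 1 and the owner count")

    def confirm(self, tx_id, signer):
        """Record one confirmation; return True once the transaction has executed."""
        if signer not in self.owners:
            raise PermissionError(f"{signer} is not an owner")
        # A set means the same owner confirming twice still counts once.
        self.confirmations.setdefault(tx_id, set()).add(signer)
        if len(self.confirmations[tx_id]) >= self.required:
            self.executed.add(tx_id)
        return tx_id in self.executed


def audit(owner_count, required, min_required=3):
    """Flag weak threshold settings. The policy values are assumptions, not a standard."""
    findings = []
    if required < min_required:
        findings.append(f"only {required} key compromise(s) needed to move all funds")
    if required * 2 <= owner_count:
        findings.append("threshold is not a strict majority of owners")
    return findings


def demo():
    # Constructed sample: owner labels are placeholders, not real addresses.
    wallet = MultiSig(frozenset({"owner1", "owner2", "owner3", "owner4"}), required=2)
    first = wallet.confirm("transfer-1", "owner1")   # one key: not enough
    again = wallet.confirm("transfer-1", "owner1")   # same key again: still one confirmation
    second = wallet.confirm("transfer-1", "owner3")  # second distinct key: executes
    return first, again, second, audit(4, 2), audit(5, 4)


if __name__ == "__main__":
    print(demo())
```

The model shows that the number of keys an attacker must control equals `required`, regardless of how many owners exist, which is why the audit reports on the threshold itself and not on the owner count alone.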
While the hacker’s identity remains unknown, the fact that the Harmony team could have prevented the attack will raise questions about its security amongst the crypto community.
Most of the stolen tokens were still in the attacker’s wallet as of press time. However, the attacker has started converting the stolen funds into ETH through Uniswap.
The @harmonyprotocol bridge exploiter 0x0d04…ed00 stole 11 different erc-20 tokens and 13,100 Ether from the bridge.
They then transferred other erc-20 tokens to two other wallets to swap via uniswap and others dexs back to eth, and finally it back to 0x0d04…ed00. pic.twitter.com/HY5JepVrPu
— MistTrack (@MistTrack_io) June 24, 2022
Source: https://cryptoslate.com/harmony-protocols-horizon-bridge-exploited-100m-stolen/