The A to Z of the $100m hack of Harmony’s Horizon Bridge
The multi-chain or cross-chain technology seems to be the new playing ground for hackers given the sheer rise. Users want to transact with other blockchains by leveraging bridges to different ecosystems. Nonetheless, several famed individuals such as Ethereum co-founder and developer Vitalik Buterin raised concerns about the same.
In his argument, Buterin cited the “fundamental security limits of bridges” as the key reason for his disapproval of a cross-chain environment. Yet, here we are.
No more harmony?
The Harmony blockchain network is the recent victim to have succumbed to yet another cross-chain bridge exploit. Horizon, its cross-chain bridge to Ethereum, suffered an exploit worth nearly $100 million in ETH. The team alerted users on Twitter in a 24 June tweet that read,
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More ?
— Harmony ? (@harmonyprotocol) June 23, 2022
The address linked in the thread held 85,837.251 ETH, worth approximately $100 million as of press time. The alleged address made 11 transactions from the bridge for various tokens. Further sent tokens to a different wallet to swap for ETH on the Uniswap decentralized exchange (DEX), then sent ETH back to the original wallet.
The Horizon Bridge facilitates token transfers between Harmony, the Ethereum network, Binance Chain, and Bitcoin. Harmony the operator of the bridge halted the bridge to avoid further damage. It said the BTC bridge and its assets have not been affected by the attack. The team further added that ‘its funds and assets stored on decentralized vaults are safe at this time,’
In addition, the Harmony team cooperated with “national authorities and forensic specialists” to investigate the situation. The team explained,
“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”
Nonetheless, the damage was done following which ONE dropped 10% over the past 24 hours- it traded at $0.024 according to CoinMarketCap.
‘Deaf ears’ on a rise
Cross-chain bridges have gathered a lot of attention in the crypto market, but mostly on the negative side. In a similar case, Axie Infinity’s Ronin Bridge too suffered a massive (nearly) $600 million worth of hack earlier in March.
In fact, at least five such bridges suffered the same fate since mid-2021 wherein attackers were able to steal more than $1B.