Early today, Harmony layer-1 blockchain’s Horizon Bridge was attacked, which resulted in a loss of around $100 million in altcoins, most of which have already been swapped with Ethereum (ETH).
The exploitation started earlier on Friday and continued for around 20 minutes. During this period, the attacker(s) made multiple transactions from the bridge for altcoins.
Notably, the culprit stole Frax (FRAX), Wrapped Ether (WETH). Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC) from the bridge during the attack. They immediately started sending tokens to a different wallet to swap them for ETH on the Uniswap Decentralized Exchange.
Harmony confirms the hack
Harmony confirmed the hack via a Twitter thread earlier on Friday. The company has “begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
— Harmony 💙 (@harmonyprotocol) June 23, 2022
It clarified that the attack had zero effect on the trustless BTC bridge. Harmony states:
“Its funds and assets stored on decentralized vaults are safe at this time.”
The company has already notified exchanges and paused the Horizon bridge to prevent further chances of exploitation.
“The team is all hands on deck as investigations continue.”
The popular layer-1 blockchain Harmony uses proof-of-stake (PoS) consensus. Token transfers between Harmony and the Ethereum network, Binance Chain, and Bitcoin are facilitated by the Horizon Bridge.
The reliability of Horizon’s multisig wallet on Ethereum, which only required two of the four signers to drain the cash, has previously been questioned. The lower number of required signers would leave the bridge exposed for “another 9-figure hack,” said Chainstride Capital CEO Ape Dev on Twitter on April 2.
In February, as TheCoinRise reported, Harmony launched its Passport featuring Bored Ape Yacht Club.