Hackers steal $ 100 million in crypto from Harmony’s Horizon Bridge
So-called blockchain bridges have become a major target for hackers who want to exploit vulnerabilities in a world of decentralized finance.
Jakub Porzycki | NurPhoto | Getty pictures
Hackers have stolen $ 100 million in cryptocurrency from Horizon, a so-called blockchain, in the latest major robbery in the world of decentralized finance.
The details of the attack are still small, but Harmony, the developers behind Horizon, said they identified the theft Wednesday morning. Harmony pointed out an individual account it believes is the culprit.
“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the startup said in a tweet late Wednesday.
In a follow-up tweet, Harmony said they are working with the Federal Bureau of Investigation and several cyber security firms to investigate the attack.
Blockchain bridges play a major role in the DeFi area, offering users a way to transfer their assets from one blockchain to another. In the case of Horizon, users can send tokens from the Ethereum network to the Binance Smart Chain. Harmony said the attack did not affect a separate bridge for bitcoin.
Like other facets of DeFi, which aims to rebuild traditional financial services such as loans and blockchain investments, bridges have become a major target for hackers due to vulnerabilities in their underlying code.
Bridges “maintain large liquidity reserves,” making them a “tempting target for hackers,” according to Jess Symington, head of research at blockchain analytics firm Elliptic.
“For individuals to use bridges to move their funds, assets are locked on one blockchain and unlocked, or embossed, on another,” Symington said. “As a result, these services hold large volumes of cryptocurrencies.”
Harmony has not revealed exactly how the funds were stolen. However, an investor had raised concerns about the safety of his Horizon bridge as far back as April.
The security of the Horizon Bridge was hung on a “multisig” wallet that only required two signatures to initiate transactions. Some researchers speculate that the breach was the result of a “private key compromise” in which hackers obtained the password, or passwords, required to access a crypto wallet.
Harmony was not immediately available for comment when contacted by CNBC.
It follows a series of notable attacks on other blockchain bridges. Ronin Network, which supports the crypto game Axie Infinity, lost more than 600 million dollars in a security breach that took place in March. Wormhole, another popular bridge, lost over $ 320 million in a separate hack a month earlier.
The robbery adds to a stream of negative news in crypto lately. The crypto-lenders Celsius and Babel Finance stopped withdrawals after a sharp fall in the value of their assets resulted in a liquidity crisis. Meanwhile, the beleagured crypto hedge fund Three Arrows Capital could be set to default on a $ 660 million loan from brokerage firm Voyager Digital.