Hackers exploit horizon bridge, steal $100 million

69
1
Hackers exploit horizon bridge, steal $100 million

On June 24, Harmony Protocol ONE said a hacker exploited its horizon bridge, and about $100 million worth of token stolen on the bridge.

One of the biggest attacks in recent weeks has been a recent one. Harmony has started working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds. The team said that the exploit did not affect the trustless Bitcoin BTC Bridge, and assets that are stored in decentralized vaults are safe.

The Horizon bridge connects the Harmony protocol with other networks, such as the Binance Smart Chain and the Harmony protocol, allowing the transfers of cryptocurrencies, stable coins, and NFTs between the Harmony network and the network.

Harmony was warned of the vulnerability.

In April, a researcher and developer Ape Dev warned about Harmony's weak security. They predicted that a malicious party could exploit it in an attack that could lead to losses of up to $330 million.

The attacker moved the funds using three attack addresses in 12 transactions, according to available information. They could move funds to other tokens such as ETH, WBTC, USDT, AAVE, WETH, FXS, SUSHI, FRAX, DAI, BUSD, and AAG.

The attacker was able to gain control of the MultiSigWallet and confirmed the transactions to transfer the stolen funds directly.

While the identity of the hacker remains unknown, the fact that the Harmony team could have prevented the attack raises questions about its security amongst the community.

As of press time, most of the stolen token were still in the attacker's wallet. The attacker has started converting the stolen funds into ETH through Uni swap.