Harmony Protocol’s Horizon bridge exploited, $100M stolen Harmony Protocol’s Horizon bridge exploited, $100M stolen

Harmony Protocol’s Horizon bridge exploited, $100M stolen

Harmony has suspended the operations of the exploited bridge and has informed the authorities about the hack.

Harmony Protocol’s Horizon bridge exploited, $100M stolen

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Layer-1 blockchain network Harmony Protocol (ONE) said on June 24 that a hacker exploited its horizon bridge, and roughly $100 million worth of tokens on the bridge were stolen.

The attack is one of the biggest in recent weeks. Harmony said it has started “working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”

The team added that the exploit did not affect the trustless Bitcoin (BTC) Bridge, and assets stored in decentralized vaults remain safe.

The Horizon bridge connects the Harmony protocol with other networks such as Ethereum and Binance Smart Chain, allowing the transfers of cryptocurrencies, stablecoins, and NFTs between the Harmony blockchain and the network.

Harmony was warned of the vulnerability

In April, blockchain developer and researcher Ape Dev warned about Harmony’s weak security. They predicted that a malicious party could exploit it in an attack that could lead to losses of up to $330 million.

According to available information, the attacker moved the funds in 12 transactions using three attack addresses. As a result, they could move funds to tokens such as ETH, WBTC, USDT, AAVE, WETH, FXS, SUSHI, FRAX, DAI, BUSD, and AAG.

The attacker was able to gain control of the MultiSigWallet and confirmed the transactions to transfer the stolen funds directly.

While the hacker’s identity remains unknown, the fact that the Harmony team could have prevented the attack will raise questions about its security amongst the crypto community.

Most of the stolen tokens were still in the attacker’s wallet as of press time. However, the attacker has started converting the stolen funds into ETH through Uniswap.

Posted In: Hacks