As if crypto markets and the overall ecosystem were not in a bad place already, things have just got much worse for Harmony Protocol.
Harmony posted that it “identified a theft” occurring on the Horizon bridge. The exploit was to the tune of around $100 million in various crypto assets which were sent to the hacker’s Ethereum address.
At the time of writing, 85,867 sat in this address worth an estimated $99.3 million.
A few hours after the exploit, Harmony tweeted that it was “working around the clock as we continue our investigation alongside the FBI and multiple cyber security firms.”
At the time, it stated that it did not impact the trustless BTC bridge as funds and assets stored on decentralized vaults were safe.
Another bridge attack
This latest attack follows the Ronin bridge exploit in March, the crypto industry’s largest resulting in the loss of more than $600 million. A month earlier, hackers pilfered more than $300 million from the Wormhole bridge.
Harmony is a highly scalable, proof-of-stake, Layer-1 blockchain. Binance partnered with Harmony for an Initial Exchange Offering (IEO) in May 2019.
The Horizon bridge is the gateway between Harmony and other networks such as Ethereum, Bitcoin, and Binance Chain.
Concerns were raised about the Horizon bridge by Chainstride Capital founder “@_apedev” in April. He did some digging to reveal that the security was governed by a multisig wallet with four owners. Only two were required to execute an arbitrary transaction he observed, stating at the time:
“So all in all, if two of the four multisig signers are compromised, we’re going to see another nine figure hack.”
Multisigs for bridges continues to be a point of weakness for crypto protocols since not all signatories are required to conduct a transaction.
This time, it was Harmony Protocol that found out the hard way. According to DeFiYield’s Rekt database, this exploit will be the industry’s fourteenth largest.
ONE price plunge
The damage to Harmony’s native token, ONE, has not been that bad all things considered. The token has lost around 11% over the past 12 hours or so.
ONE was trading at $0.024 at the time of writing, after falling almost 40% in the past fortnight according to CoinGecko. ONE is currently trading down 93.7% from its Oct all-time high of $0.379.
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.