Harmony (ONE) Offers $1M Bounty for Return of Stolen Funds

Share Article
In Brief
  • Harmony Protocol is offering a $1 million bounty for return of funds stolen in an attack.

  • The hacker is invited to contact Harmony by email.

  • Harmony had initially reached out to the attacker on June 24.

  • promo

    Top Crypto Exchanges Without KYC Read Now

The Trust Project is an international consortium of news organizations building standards of transparency.

Harmony Protocol, which lost $100 million in a bridge attack earlier this week, has announced a $1 million bounty for returning stolen funds and an explanation for the breach.

In addition, the company, which specializes in cross-chain bridges, announced that it would lobby for no criminal charges after the money is returned.

It supplied an email ([email protected]) and an Ethereum wallet (0xd6ddd996b2d5b7db22306654fd548ba2a58693ac) address for the attacker to get in touch.

It remains to be seen whether the hacker will accept the bounty, which is only 1% of the stolen funds. They hold $98 million of the stolen funds in an Ethereum wallet and about $1.79 million at a Binance Smart Chain address.

Harmony first reached out to the hacker on June 24, indicating that they were interested in negotiations, even if done anonymously.

Harmony exploit used compromised private keys

Harmony, a proof-of-stake blockchain, lost $100 million after hackers targeted the Horizon bridge used for transferring tokens between the Ethereum network and the Binance Smart Chain. The exploit used compromised private keys, according to security firm Peckshield.

Private information from two of four crypto wallets supporting the bridge was used to siphon $100 million in ether, Binance Coin, and three stablecoins, to an external wallet. According to forensics firm Elliptic, these were swapped for ether using a decentralized exchange.

A Twitter user going by the pseudonym @_apedev pointed out the vulnerability to Harmony in April.

Cross-chain bridge vulnerabilities

Blockchains have native tokens incompatible with other blockchains. For example, ether can only be used on the Ethereum blockchain, while bitcoin can be used on the Bitcoin network. Cross-chain bridges enable exchanges of tokens between different blockchains. However, they are complex, with software often developed by an anonymous team.

To use your currency of choice on the Bitcoin network involves using a bridge to convert your token to “wrapped bitcoin,” an alternative store of value on the target network similar to a voucher. Smart contracts handle the conversion.

The wrapped bitcoin is underwritten by actual bitcoins on the bridge, which become a target for hackers since it is often unclear how the funds on the bridge are protected.

Bridges were not needed in the early days of crypto circa 2009, as the Bitcoin network was the only blockchain. Fast forward 13 years later, and you have the explosion of decentralized finance demanding the chasm between blockchains be bridged.

To date, one of the largest bridge hacks saw over $600 million stolen from the Ronin bridge used by Sky Mavis for their play-to-earn game Axie Infinity in March. This hack, which resulted from a private key compromise, took the total loss from bridge hacks to $1 billion.

Harmony’s ONE token fell to a seven-day low on June 24, trading at $0.0236. It recovered slightly to $0.0244 at press time, according to Coingecko.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

David is an electronic engineer with nine years of experience. He joined BeInCrypto to combine his passion for writing and his interest in fast-moving industries, cultivated from his university days. He hopes to make crypto easy to understand.

Follow Author