See More

Harmony (ONE) Offers $1M Bounty for Return of Stolen Funds

2 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • Harmony Protocol is offering a $1 million bounty for return of funds stolen in an attack.
  • The hacker is invited to contact Harmony by email.
  • Harmony had initially reached out to the attacker on June 24.
  • promo

Harmony Protocol, which lost $100 million in a bridge attack earlier this week, has announced a $1 million bounty for returning stolen funds and an explanation for the breach.

In addition, the company, which specializes in cross-chain bridges, announced that it would lobby for no criminal charges after the money is returned.

It supplied an email ([email protected]) and an Ethereum wallet (0xd6ddd996b2d5b7db22306654fd548ba2a58693ac) address for the attacker to get in touch.

It remains to be seen whether the hacker will accept the bounty, which is only 1% of the stolen funds. They hold $98 million of the stolen funds in an Ethereum wallet and about $1.79 million at a Binance Smart Chain address.

Harmony first reached out to the hacker on June 24, indicating that they were interested in negotiations, even if done anonymously.

Harmony exploit used compromised private keys

Harmony, a proof-of-stake blockchain, lost $100 million after hackers targeted the Horizon bridge used for transferring tokens between the Ethereum network and the Binance Smart Chain. The exploit used compromised private keys, according to security firm Peckshield.

Private information from two of four crypto wallets supporting the bridge was used to siphon $100 million in ether, Binance Coin, and three stablecoins, to an external wallet. According to forensics firm Elliptic, these were swapped for ether using a decentralized exchange.

A Twitter user going by the pseudonym @_apedev pointed out the vulnerability to Harmony in April.

Cross-chain bridge vulnerabilities

Blockchains have native tokens incompatible with other blockchains. For example, ether can only be used on the Ethereum blockchain, while bitcoin can be used on the Bitcoin network. Cross-chain bridges enable exchanges of tokens between different blockchains. However, they are complex, with software often developed by an anonymous team.

To use your currency of choice on the Bitcoin network involves using a bridge to convert your token to “wrapped bitcoin,” an alternative store of value on the target network similar to a voucher. Smart contracts handle the conversion.

The wrapped bitcoin is underwritten by actual bitcoins on the bridge, which become a target for hackers since it is often unclear how the funds on the bridge are protected.

Bridges were not needed in the early days of crypto circa 2009, as the Bitcoin network was the only blockchain. Fast forward 13 years later, and you have the explosion of decentralized finance demanding the chasm between blockchains be bridged.

To date, one of the largest bridge hacks saw over $600 million stolen from the Ronin bridge used by Sky Mavis for their play-to-earn game Axie Infinity in March. This hack, which resulted from a private key compromise, took the total loss from bridge hacks to $1 billion.

Harmony’s ONE token fell to a seven-day low on June 24, trading at $0.0236. It recovered slightly to $0.0244 at press time, according to Coingecko.

Top crypto projects in the US | May 2024



In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C,...