Hackers Steal $100 Million by Exploiting Harmony’s Bridge

Hackers seized a blockchain bridge platform, Harmony and exploited over $100 million worth of cryptocurrencies last night. On Thursday, crypto firm Harmony’s blockchain bridge, known as Horizon, announced that it was hacked for $100 million, becoming the latest major hack of a blockchain bridge in recent months.

Blockchain functions as a decentralized ledger, a record of publicly available and verifiable transactions but not maintained by any one person, making it useful for tracking digital currency. A blockchain bridge is essentially a decentralized transfer between ledgers — making it a prime target for crafty opportunists.

Hackers have increasingly exploited the security vulnerabilities of blockchain bridges, which enable users to transfer their digital assets across blockchains. Horizon’s Harmony bridge allows transfers of tokens between the Ethereum network and the Binance Smart Chain. Harmony also operates another blockchain bridge for Bitcoin, which it says was not impacted by the hack.

1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.

More 🧵

— Harmony 💙 (@harmonyprotocol) June 23, 2022

Harmony, a blockchain company, said in a series of tweets Thursday evening that hackers exploited the company’s Ethereum and Binance Chain bridge in a theft amounting to $100 million. Harmony’s Horizon hack follows on the heels of other high-profile attacks on blockchain bridges, including Axie Infinity’s Ronin bridge, which saw $600 million of crypto disappear this past March, and Wormhole, which lost $320 million in a criminal heist in February.

“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100M,” developers said in a tweet. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”

Harmony disclosed that a single account was behind the attack. Harmony did not specify how hackers breached its system but said it was working with the FBI and other forensic specialists at cybersecurity companies to investigate the hack. It also posted an online address of the suspected culprit.

How was the hack performed?

Horizon bridge relies on a “multisig” wallet, which allows transactions to be conducted with just two signatures, a vulnerability that hackers could have exploited. It is common for hacks to compromise private keys to access a crypto wallet.

“Note this does not impact the trustless BTC bridge; its funds and assets stored on decentralized vaults are safe now. We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands-on deck as investigations continue. We will keep everyone up to date as we investigate this further and obtain more information.” Harmony added that it had stopped deposits and withdrawals on the bridge and informed crypto exchanges of the hack.

As cryptocurrency’s popularity has grown, criminals have increasingly targeted it. Crypto crime hit a fresh all-time high of $14 billion last year, according to research from Chainalysis, up from $7.8 billion in 2020.