Harmony’s Horizon Bridge has been hacked for $100 million

The Horizon bridge to Harmony’s layer 1 blockchain has been exploited to get $100 million worth of altcoins being exchanged for Ether (ETH).

The hack may vindicate concerns previously raised by the community about the robustness of the two-out-of-four multisig that supposedly secures the bridge.

From 7:08 a.m. to 7:26 a.m. ET, 11 transactions were made from the bridge for various tokens. They have since started sending tokens to a different wallet to exchange for ETH on the Uniswap decentralized exchange (DEX), and then sending the ETH back to the original wallet.

So far, Frax (FRAX), Wrapped Ether (WETH). Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD). Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC) have all been stolen from the bridge via this exploit.

The Horizon bridge makes it easy to transfer tokens between Harmony and the Ethereum network, Binance chain, and Bitcoin. Harmony, the bridge operator, ad late on June 23 that the bridge has been stopped. He said that the BTC bridge and its assets have not been affected by the attack.

Harmony’s team also said it was working with “national authorities and forensic specialists” to determine who is responsible. An autopsy will surely be performed.

The developers and Harmony co-founder Nick White did not respond to requests for comment. Harmony is a layer 1 blockchain that uses proof-of-stake consensus. Its native token is ONE.

Concerns have previously been raised about the robustness of Horizon’s multisig wallet on Ethereum, which only required two of four signers to drain funds. One of the founders of cryptocurrency-focused venture fund Chainstride Capital, Ape Dev, he pointed on Twitter on April 2 that the low number of required signers would leave the bridge open for “another 9-figure hack.”

Ape Dev’s prediction appears to have come true, as the bridge is down $100 million in assets.

He is far from the only crypto developer who has qualms about the security of bridge tokens.

Vitalik Buterin discussed the issues with token bridges in a Reddit post this January. He stated that when the bridges are exploited, the liquidity of each affected chain is endangered. He added that as the number of token bridges increases, the threat of a 51% attack on one chain could present a higher risk of contagion to others.

Since his prediction, the Meter Token Bridge, the Ronin Bridge of Axie Infinity, and the Wormhole Bridge have each been mined for a combined value of nearly a billion dollars.

Multisigs are a constant security issue in attacks. Ronin’s bridge was secured by nine validators, only five of which were needed to verify a transaction. The attacker took control of the five necessary validators and mined more than $600 million in assets.

The market does not seem to have responded to the attack yet, as the prices of all the coins and tokens in question have not made a significant movement. However, ONE has fallen 7.4% in the last 24 hours, with most of the drop occurring in the last 5 hours. It is trading at $0.024 according to CoinGecko.

Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.

Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.

Source link

Leave a Comment