Horizon Bridge to the Harmony layer-1 blockchain has been used for $ 100 million in altcoins that are being replaced by Ether (ETH).
The burglary could justify the community’s previous concern about the strength of two of the four multisig that allegedly secure the bridge.
From 7:08 to 7:26 ET, 11 entries were made from the bridge for various symbols. They have since started sending tokens to another wallet to exchange for ETH on the Uniswap Distributed Exchange (DEX), and then send ETH back to the original wallet.
1 / The Harmony team has identified a theft that took place this morning on the Horizon Bridge amounting to approx. $ 100MM. We have started working with national authorities and forensic experts to identify the culprit and recover the stolen funds.
– Harmony (@harmonyprotocol) June 23, 2022
To date, Frax (FRAX), Wrapped Ether (WETH). Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD). Dai (DAI), Tether (USDT), Wrapped BTC (WBTC) and USD Coin (USDC) have been stolen from the bridge through these exploits.
The Horizon Bridge facilitates the transfer of tokens between Harmony and the Ethereum network, Binance Chain and Bitcoin. Harmony, the bridge operator, announced late June 23 that the bridge was stopped. It said the BTC bridge and its assets were not affected by the attack.
The Harmony team also said it was working with “national authorities and forensic experts” to determine who was responsible. An autopsy is likely to follow.
Harmony’s designers and co-founder Nick White did not respond to requests for comment. Harmony is a layer-1 blockchain with a consensus on proof of object. Its native symbol is ONE.
Concerns have previously been expressed about the trust of the Horizon multisig wallet on Ethereum, which needed only two of the four signatories to empty the money. Founder of Chainstride Capital cryptographic venture capital fund Ape Dev noted on Twitter on April 2 that a small number of required signatories would leave the bridge open for “another 9-digit hack”.
The security of the bridge is currently based on a multisig wallet used on 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6. It has four owners, two of whom need to agree to carry out an arbitrary transaction (ie empty $ 330m). image.twitter.com/sgYmyPrYgf
– Ape Dev (@_apedev) April 1, 2022
Ape Dev’s forecast seems to have come true as the bridge has now fallen by $ 100 million in assets.
He is far from being the only cryptographic developer who has problems with the security of token bridges.
Vitalik Buterin discussed issues with token bridges in a January Reddit post. He argued that when bridges are exploited, it threatens the liquidity of any affected chain. He added that as the number of token bridges increases, the risk of a 51% attack on one chain could create a greater risk of infection for others.
From his forecast, the Meter bridge, the Ronin bridge from Axie Inifinity and the wormhole bridge were each used for almost 1 billion dollars.
National authorities and forensic experts should investigate * you * to find out what kind of broken security practices allowed this “theft” to take place.
– Chris Blec (@ChrisBlec) June 24, 2022
Multisigs are a persistent security issue in attacks. The Ronin Bridge was secured by nine certifiers, only five of whom were needed to confirm the transaction. The attacker seized the required five legal entities and seized over $ 600 million in assets.
Connected: Chainalysis introduces reporting services for companies targeting cryptographic attacks
The market does not yet appear to have responded to the attack as the prices of all the coins and tokens in question have not changed significantly. On the other hand, ONE has fallen by 7.4% in the last 24 hours, but most of the fall has occurred in the last 5 hours. It’s trading at $ 0.024 according to CoinGecko.
Mail Bonus – #Breaking #Harmonys #Horizon #Bridge #hacked #100M