Harmony’s Horizon Bridge has been hacked for the sum of $100 million, becoming the latest of the bridges whose security frailty will be exploited in recent months.
The Harmony team unveiled the hacking event earlier today, noting that it has instituted preliminary actions to restore normalcy to the Horizon Bridge.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
— Harmony 💙 (@harmonyprotocol) June 23, 2022
Per data shared, the attack occurred from about 7:08 am until 7:26 am ET, at which time a total of 11 transactions were initiated on the bridge by the attacker. The attackers were notably pushing the funds to other wallets in order to swap the tokens on Uniswap (UNI) decentralized exchange which they then are sent back to the original wallet.
“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM,” the Harmony team said in a tweet, adding that it is coordinating with the relevant bodies to identify the attackers. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
The Horizon bridge is used to connect the Harmony protocol with Ethereum (ETH), BNB Chain, and Bitcoin (BTC). The team confirmed that while Ethereum and BNB Chain were affected, it said the Bitcoin bridge was not affected by the hack and that the funds are safe. Thus far, Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC) is among the identified tokens that have been stolen through the attack.
The exploitation of the Horizon bridge has more or less been prophesied for a while now as there have been community concerns about the security of the bridge’s Multisig wallet infrastructure. According to the founder of Chainstride Capital crypto-focused venture fund, Ape Dev, controlling the 2 out of four signees controlling the wallet.
Harmony’s Horizon Bridge Attack Is One Out of Many
Harmony’s Horizon bridge exploit may be the latest in the industry, but it is by no means the first of the year. The concerns about the security frailty of Multisig wallet designs have been flagged by many industry leaders including Ethereum’s co-founder, Vitalik Buterin.
In a Reddit post earlier this year, Buterin warned that the constant exploit of token bridges can affect the overall liquidity in the digital currency ecosystem. Since the warning, more protocols have been hacked with the most publicized being the Axie Infinity’s Ronin Bridge attack which saw more than $620 million carted away.