Hacker exploits Harmony blockchain bridge, loots $100M in crypto – TechCrunch

A hacker has exploited a vulnerability to steal $100 million from Harmony’s Horizon Bridge, which allows users to transfer their crypto assets from one blockchain to another.

Harmony, the U.S. crypto startup behind Horizon, said in a blog post on Friday that it was notified of a “malicious attack” on its proprietary Horizon blockchain bridge on Thursday. Blockchain bridges, also known as cross-chain bridges, facilitate communication between different blockchains and allow users to send assets from one chain to the other. Using Harmony’s Horizon bridge, for example, users can move assets — including tokens, stablecoins, and NFTs — between Ethereum, Binance Smart Chain and Harmony blockchains.

Harmony said the culprit of the attack — which the company singled out in a tweet — stole close to $100 million in cryptocurrency from its blockchain bridge.

According to blockchain analysis company Elliptic, a variety of crypto assets were taken, including Ethereum, Binance Coin, Tether, USD Coin and Dai. Elliptic added that the stolen tokens have now been swapped for Ethereum using decentralized exchanges — a “commonly seen technique with these hacks,” it said.

Harmony said in its blog post that immediately following the attack, multiple cybersecurity partners, exchange partners and the FBI were notified and requested to assist with an investigation in identifying the culprit and retrieving stolen assets. “Further, the team has attempted communication with the hacker with an embedded message in a transaction to the culprit’s address,” the blog post read.

Harmony added that it had stopped the Horizon bridge to prevent further transactions. Harmony’s bridge for bitcoin was unaffected.

“This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work remains ahead of us,” the blog post said. “Ongoing investigations present a challenge of what information is allowed to be shared with the public, but we will continue to provide updates with the latest information as soon as we are able to share.”

Harmony has not revealed exactly how the funds were stolen and did not comment when contacted by TechCrunch.

However, one investor who goes by the handle Ape Dev had concerns about the security of its Horizon bridge as far back as April. The researcher warned on Twitter that the security of the Horizon bridge hinged on a multisignature — or “multisig” — wallet that required just two signatures to initiate transactions. Multisig wallets require the consent of multiple parties before a transaction can go through, which is intended to add security.

“So all in all, if two of the four multisig signers are compromised, we’re going to see another nine-figure hack,” Ape Dev, founder of crypto venture fund Chainstride Capital, wrote on April 1. “Considering all that’s been going on lately, it’d be interesting to hear some details from @harmonyprotocol on how these [externally owned accounts] are secured.”

The Harmony bridge hack follows a series of notable attacks on other blockchain bridges. The Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity, lost more than $600 million in March, an attack which U.S. officials have since linked to North Korean state-backed hacking group Lazarus. Similarly, decentralized finance platform Wormhole lost almost $325 million to hackers in February after they exploited a security flaw in its smart contract code.
