Hackers Steal $100M In Crypto From Harmony’s Horizon Bridge

So-called blockchain bridges have become a prime target for hackers looking to exploit vulnerabilities in the world of decentralized finance.

Jakub Porzycki | NurPhoto | Getty Images

Hackers have stolen $100 million worth of cryptocurrency from Horizon, a so-called blockchain bridge, in the latest major heist in the world of decentralized finance.

Details of the attack are still scarce, but Harmony, the developers behind Horizon, said they identified the theft Wednesday morning. Harmony has picked an individual account that she believes is the culprit.

“We have begun working with national authorities and forensic specialists to identify the perpetrator and recover the stolen funds,” the start-up said in a tweet on Wednesday.

In a follow-up tweet, Harmony said it is working with the Federal Bureau of Investigation and multiple cybersecurity firms to investigate the attack.

Blockchain bridges play a huge role in the DeFi or decentralized financial space, providing users with a way to transfer their assets from one blockchain to another. In the case of Horizon, users can send tokens from the Ethereum network to Binance Smart Chain. Harmony said the attack did not affect a separate bridge for bitcoin.

Like other facets of DeFi, which aims to rebuild traditional financial services such as loans and investments on the blockchain, bridges have become a prime target for hackers due to vulnerabilities in their underlying code.

Bridges “maintain large stocks of liquidity,” making them a “tempting target for hackers,” according to Jess Symington, research leader at blockchain analytics firm Elliptic.

“To ensure that individuals can use bridges to move their money, assets are locked on one blockchain and unlocked or minted on another,” Symington said. “As a result, these services contain large amounts of cryptoassets.”

Harmony has not revealed exactly how the money was stolen. However, an investor had already raised concerns about the safety of its Horizon bridge in April.

The Horizon Bridge’s security relied on a “multisig” wallet that only needed two signatures to initiate transactions. Some researchers speculate that the breach was the result of a “private key compromise”, where hackers obtained the password or passwords necessary to access a crypto wallet.

Harmony was not immediately available for comment when CNBC contacted him.

It follows a series of notable attacks on other blockchain bridges. The Ronin Network, which supports crypto game Axie Infinity, lost more than $600 million in a security breach that occurred in March. Wormhole, another popular bridge, lost more than $320 million in a separate hack a month earlier.

The heist has been adding to a flood of negative news in crypto lately. Crypto lenders Celsius and Babel Finance have halted withdrawals after a sharp drop in the value of their assets sparked a liquidity crisis. Meanwhile, beleaguered crypto hedge fund Three Arrows Capital could default on a $660 million loan from brokerage firm Voyager Digital.

Leave a Comment