The Harmony team has identified a theft taking place this morning (June 24, 2022) on the Horizon bridge amounting to approximately $100 million.
3/ Note this does not impact the trustless BTC bridge; its funds and assets stored on decentralized vaults are safe at this time.
— Harmony 💙 (@harmonyprotocol) June 23, 2022
The Harmony team further revealed that they’ve started working with national authorities and forensic specialists “to identify the culprit and retrieve the stolen funds.”
The team clarified that this does “not impact the trustless BTC bridge; its funds and assets stored on decentralized vaults are safe at this time.”
The update also mentioned that they’ve “notified exchanges and stopped the Horizon bridge to prevent further transactions.” The team is all “hands on deck as investigations continue.”
The team will “keep everyone up-to-date as we investigate this further and obtain more information,” according to Harmony’s official Twitter account.
It’s worth noting that Horizon Bridge says it is extensively audited by blockchain security company Peckshield.
This recent exploit against DeFi/decentralized protocols, cross-chain bridges and similar initiatives comes after a $20 million theft from Ethereum scaling platform Optimism.
Recently, there had also been a $320 million hack/security breach against Solana bridge Wormhole.
Ethereum-associated sidechain Ronin Network, which is primarily used for blockchain game Axie Infinity, had also experienced a damaging hack earlier this year when $620 million in funds had reportedly been stolen.
As confirmed in the update, the L1 blockchain’s main bridge between Ethereum, Binance Chain, and Bitcoin was exploited, however, the BTC bridge has not been impacted.
The Horizon Bridge to the Harmony L1 (proof of stake) blockchain was exploited for $100 million in altcoins which were then being exchanged for Ethereum (ETH).
The hack seemingly highlights the community concerns raised about the overall robustness of the two of four multisig that are used to secure the bridge.
Beginning at around 7:08 am until 7:26 am ET, 11 transfers had been made from the bridge for several different crypto tokens.
The bad actor(s) had also been sending the digital tokens to another wallet in order to swap for ETH via the Uniswap DEX, and then sending the ETH tokens back to the hacker’s original wallet.