Harmony One's Horizon Bridge hacked and over $100 million stolen


The hack may vindicate community concerns previously raised about the strength of the two-of-four multisig that is said to secure the bridge.


From about 7:08 AM ET until 7:26 AM ET, 11 transactions were made from the bridge for different tokens. The attacker has since started sending tokens to a different wallet to exchange them for ETH on the Uniswap decentralized exchange (DEX), then sending the ETH back to the original wallet.

So far, Frax (FRAX), ether (wETH), Aave (AAVE), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC) and USD Coin (USDC) have been stolen from the bridge through this exploit.

The Horizon Bridge facilitates transfers between Harmony and the Ethereum network, Binance Chain, and Bitcoin. Harmony, the bridge operator, announced late Thursday night that the bridge had been stopped. It said that the BTC bridge and its assets were not affected by the attack.

Harmony's team also said it was working with "national authorities and forensic professionals" to determine who was responsible.

Concerns were previously expressed about the safety of the Horizon multisig wallet on Ethereum, which requires only two of the four signatories to drain the funds. Ape Dev, founder of the crypto-focused venture capital fund Chainstride Capital, noted on Twitter on April 2 that the low number of required signatures would leave the bridge open to “another 9-digit hack.”

Ape Dev's prediction appears to have come true as the bridge is now down $100 million in assets.

He is far from the only developer in the cryptocurrency space who is concerned about the security of token bridges.

Vitalik Buterin discussed the issues with token bridges in a Reddit post back in January of this year. He surmised that when bridges are exploited, this threatens the liquidity of each affected chain. He added that as the number of token bridges increases, a 51% attack on one chain may present a higher contagion risk to others.

Since his prediction, Meter's token bridge, Axie Infinity's Ronin Bridge, and the Wormhole Bridge have been exploited for nearly $1 billion combined.

Multisignature schemes are a recurring security issue in these attacks. The Ronin Bridge was secured by nine validators, only five of which were required to approve a transaction.

The attacker gained control of the five required validators and extracted more than $600 million in assets.

The market doesn't seem to have responded to the attack yet, as the prices of the coins and tokens involved haven't made a big move. However, ONE is down 7.4% in the past 24 hours, with most of the fall coming in the past five hours. It is trading at $0.024 according to CoinGecko.
