The team behind the layer-1 blockchain Harmony (ONE) has offered the Horizon Bridge hacker USD 1m in bounty for the return of some USD 100m in stolen funds.
“We commit to a [USD] 1M bounty for the return of Horizon bridge funds and sharing exploit information,” Harmony
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.
Contact us at [email protected] or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
— Harmony 💙 (@harmonyprotocol) June 26, 2022
said in a Twitter post on Sunday, sharing a contact email and an Ethereum (ETH) address.
The company also pledged not to advocate for criminal charges when funds are returned.
Meanwhile, the blockchain’s native token ONE keeps dipping. At 7:26 UTC on Monday, the coin is down by more than 4% in a day and 11% in a week. Furthermore, it is down by nearly 94% compared to its all-time high.
The bounty is the latest attempt by the Harmony team to recover approximately USD 100m that was stolen last week from Horizon Bridge, a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC), and Harmony blockchain networks.
Harmony first revealed the exploit in a
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More 🧵
— Harmony 💙 (@harmonyprotocol) June 23, 2022
tweet in the early hours of Friday morning, saying that they had “identified a theft occurring this morning on the Horizon bridge amounting to approx. [USD] 100MM.” The team also claimed they began reaching out to cyber security specialists, exchanges, and the FBI.
The Harmony team
Our investigation team is comprised of engineers located around the world including the US, Greece, India, and Cambodia.
Team members handed off their findings to our US colleagues at 8:30 AM PST who have resumed the investigation alongside our cyber security partners.
— Harmony 💙 (@harmonyprotocol) June 24, 2022
stated that their investigation team is made up of engineers from around the world and across five time zones, including the US, Greece, India, and Cambodia.
In an update, blockchain analysis firm Elliptic
A variety of assets were taken, including ETH, BNB, USDT, USDC and DAI. The stolen tokens have now been swapped for ETH using decentralised exchanges – a commonly-seen technique with these hacks.
— elliptic (@elliptic) June 24, 2022
said that the funds “were stolen on both Ethereum and Binance Smart Chain,” detailing that a variety of crypto assets were taken, including Ethereum, Binance Coin, Tether, USD Coin, and Dai, all of which were swapped for ETH.
Stephen Tse, founder and CEO at Harmony, said in a Sunday tweet that they have found no evidence of a smart contract code breach or any vulnerability on the Horizon platform.
“The team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge. Funds were stolen from the Ethereum side of the bridge,” Tse
3/ The team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge. Funds were stolen from the Ethereum side of the bridge.
— stephen tse 💙 s.one 🌉 stse.eth (@stse) June 26, 2022
said.
Harmony’s private keys were “doubly encrypted using a passphrase and a key management service,” Tse claimed, adding that the attacker managed to access and decrypt a number of these keys and use them to sign the unauthorized transactions.
7/ We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident. We will continue taking steps to further harden our operations and infrastructure security.
— stephen tse 💙 s.one 🌉 stse.eth (@stse) June 26, 2022
The Horizon Bridge hack follows a number of other bridge hacks so far this year that have cumulatively contributed to the loss of over USD 1bn,
Assets were stolen on both Ethereum and Binance Smart Chain. Over $1 billion has been stolen from cross-chain bridges so far this year. 2/x
— elliptic (@elliptic) June 24, 2022
according to Elliptic.
Among the more notable bridge hacks, the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity, was exploited for more than USD 600m while decentralized finance (DeFi) platform Wormhole lost almost USD 325m to hackers in February.
Source: Cryptonews
