Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst – Bitcoin News

The Harmony development group announced on June 23rd 2022 that $100 million had been siphoned off the Horizon bridge. They explained they were working closely with national authorities as well as forensic experts. According to an account published by Polygon’s chief information security officer, Mudit Gupta, the Horizon bridge attacker allegedly took control of the multi-signature wallet leveraged in Harmony’s bridge.

Harmony’s Multi-Sig Exploited, Polygon’s CSO Says; Harmony Protocol’s Founder Found Evidence That ‘Private Keys Were Compromised’

Harmony said that the Horizon bridge was attacked three days prior and that the team saw $100 million taken from it. “The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100 [million],” Harmony tweeted this Thursday. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the Harmony team added.

Following the exploit, the very next day, Polygon’s chief information security officer, Mudit Gupta, said the bridge used a 2-of-5 multi-signature scheme, so anyone holding two of the addresses could take it over. “The hacker compromised 2 addresses and made them drain the money,” Gupta added. Gupta said that while the details aren’t public yet, he summarized what he believes took place during the hack. “The two addresses were likely hot wallets used to listen for and process legit bridging transactions,” Gupta explained.

“The attacker compromised the server(s) that these hot wallets were running on,” the Polygon CSO wrote on Friday. “Once inside the server, they could access the keys that were kept in plaintext for signing legit transactions. It was possible that the exploit of the server was either an SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.” The analyst further added:

This was not a ‘Blockchain Hack.’ It was a ‘Traditional Hack.’ I’ve been begging protocols to focus on traditional security too alongside blockchain security for months now…
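The following is an added example, not code from the article or from Harmony: a small audit that checks how many hosts must fall before an m-of-n multisig threshold is met, which is the weakness Gupta describes. The `Signer` fields, host names and both layouts are constructed assumptions; the article does not state how many servers held the two hot-wallet keys.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Signer:
    name: str     # label of the multisig owner key
    host: str     # where the private key lives (server, HSM, custodian)
    storage: str  # "plaintext", "encrypted" or "hsm"

def hosts_to_reach_threshold(signers, threshold, storage=None):
    """Fewest hosts whose compromise yields `threshold` keys (None if impossible).
    With `storage` set, only keys kept in that form are counted."""
    per_host = Counter(s.host for s in signers
                       if storage is None or s.storage == storage)
    keys = 0
    # Greedy is optimal here: take the hosts holding the most keys first.
    for n, count in enumerate(sorted(per_host.values(), reverse=True), 1):
        keys += count
        if keys >= threshold:
            return n
    return None

def audit(signers, threshold):
    """Return a list of findings for an m-of-n signer layout."""
    findings = []
    hosts = hosts_to_reach_threshold(signers, threshold)
    if hosts is not None and hosts < threshold:
        findings.append(f"{threshold}-of-{len(signers)} is met by {hosts} "
                        "host compromise(s): signing keys are co-located")
    if hosts_to_reach_threshold(signers, threshold, "plaintext") is not None:
        findings.append("threshold is reachable using only plaintext keys")
    return findings

# Constructed layouts for illustration, not Harmony's real topology.
WEAK = [
    Signer("hot-1", "bridge-server-a", "plaintext"),
    Signer("hot-2", "bridge-server-a", "plaintext"),
    Signer("cold-1", "hsm-1", "hsm"),
    Signer("cold-2", "hsm-2", "hsm"),
    Signer("cold-3", "hsm-3", "hsm"),
]
HARDENED = [Signer(f"key-{i}", f"hsm-{i}", "hsm") for i in range(1, 6)]

if __name__ == "__main__":
    for name, layout, m in (("weak", WEAK, 2), ("hardened", HARDENED, 3)):
        print(name, audit(layout, m) or "no findings")
```

Moving the two hot keys onto separate servers clears the co-location finding but not the plaintext one, which matches the "server(s)" wording in Gupta's account.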

Additionally, an incident report authored by Harmony Protocol’s founder says “the team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge — Funds were stolen from the Ethereum side of the bridge.” The Harmony founder also noted that “confidentiality is key to maintain integrity as part of this ongoing investigation — The omission of specific details is to protect sensitive data in the interest of our community.”


Jamie Redman

Jamie Redman is the News Lead for Bitcoin.com News and a financial technology journalist living in Florida. Redman joined the cryptocurrency community in 2011 and has been active since then. Redman is a prolific writer for Bitcoin.com News, with over 5,000 articles on disruptive protocols.



