{"id":466953,"date":"2022-06-24T04:37:56","date_gmt":"2022-06-24T01:37:56","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/breaking-harmonys-horizon-bridge-hacked-for-100m\/"},"modified":"2022-06-24T04:37:56","modified_gmt":"2022-06-24T01:37:56","slug":"breaking-harmonys-horizon-bridge-hacked-for-100m","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/breaking-harmonys-horizon-bridge-hacked-for-100m\/","title":{"rendered":"# Breaking: Harmony&#8217;s Horizon Bridge hacked for $100M"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Breaking_Harmonys_Horizon_Bridge_hacked_for_100M_%E2%80%9C\"><\/span>&#8221; Breaking: Harmony&#8217;s Horizon Bridge hacked for $100M &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDYvMjgzZjJjNzQtZjE4Ni00OWQzLTlhY2MtNjU1YTM5YjllOTQ3LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-2a0745c6>The Horizon Bridge to the Harmony layer-1 blockchain has been exploited for $100 million in altcoins which are being swapped for Ether (ETH).<\/p>\n<p>The hack may vindicate previously raised community concerns about the robustness of the two of four multisig that reportedly secures the bridge.<\/p>\n<p>Starting at about 7:08 am until 7:26 am ET, 11 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tokentxns?a=0x0d043128146654c7683fbf30ac98d7b2285ded00\">transactions<\/a> were made from the bridge for various tokens.
The attacker has since begun sending tokens to a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/address\/0x9e91ae672e7f7330fc6b9bab9c259bd94cd08715#tokentxns\">different<\/a> wallet to swap for ETH on the Uniswap decentralized exchange (DEX), then sending the ETH back to the original wallet.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.<\/p>\n<p>More <\/p>\n<p>\u2014 Harmony  (@harmonyprotocol) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/harmonyprotocol\/status\/1540110924400324608?ref_src=twsrc%5Etfw\">June 23, 2022<\/a><\/p><\/blockquote>\n<p>So far, Frax (FRAX), Wrapped Ether (WETH), Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC) have been stolen from the bridge through this exploit.<\/p>\n<p>The Horizon Bridge facilitates token transfers between Harmony and the Ethereum network, Binance Chain and Bitcoin. Harmony, the operator of the bridge, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/harmonyprotocol\/status\/1540110924400324608\">announced<\/a> late on June 23 that the bridge has been halted. It said the BTC bridge and its assets have not been affected by the attack.<\/p>\n<p>The Harmony team also said it was working with \u201cnational authorities and forensic specialists\u201d to determine who is responsible. A post-mortem is sure to follow.<\/p>\n<p>The developers and Harmony co-founder Nick White did not respond to requests for comment. Harmony is a layer-1 blockchain using proof-of-stake consensus.
Its native token is ONE.<\/p>\n<p>Concerns had previously been raised about the soundness of Horizon\u2019s multisig wallet on Ethereum, which required only two of the four signers to drain the funds. Ape Dev, a founder of the crypto-focused venture fund Chainstride Capital, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/_apedev\/status\/1510007670241173504\">noted<\/a> on Twitter on April 2 that the low number of required signers would leave the bridge open for \u201canother 9 figure hack.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The security of the bridge is currently predicated on a multisig wallet deployed at 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6. It has four owners, two of which are required to consent in order to execute an arbitrary transaction (i.e. drain the $330m). <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/sgYmyPrYgf\">pic.twitter.com\/sgYmyPrYgf<\/a><\/p>\n<p>\u2014 Ape Dev (@_apedev) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/_apedev\/status\/1510007665400950791?ref_src=twsrc%5Etfw\">April 1, 2022<\/a><\/p><\/blockquote>\n<p>Ape Dev\u2019s prediction appears to have become a reality as the bridge is now down $100 million in assets.<\/p>\n<p>He is far from the only developer in crypto to have qualms about the security of token bridges.<\/p>\n<p>Vitalik Buterin discussed the issues with token bridges in a Reddit post this January. He posited that when bridges get exploited, it threatens the liquidity on each chain affected.
He added that as the number of token bridges increases, the threat of a 51% attack on one chain could present greater contagion risk to others.<\/p>\n<p>Since his prediction, Meter\u2019s token bridge, Axie Infinity\u2019s Ronin Bridge and the Wormhole Bridge were exploited for a combined total of nearly $1 billion.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The national authorities and forensic specialists should be investigating *you* to figure out what kind of broken security practices allowed this &#8220;theft&#8221; to happen.<\/p>\n<p>\u2014 Chris Blec (@ChrisBlec) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/ChrisBlec\/status\/1540143787208577025?ref_src=twsrc%5Etfw\">June 24, 2022<\/a><\/p><\/blockquote>\n<p>Multisig setups are a recurring security issue in these attacks. The Ronin Bridge was secured by nine validators, only five of which were required to verify a transaction. The attacker took control of the required five validators and extracted over $600 million in assets.<\/p>\n<p>The market does not yet appear to have responded to the attack, as the prices of the coins and tokens in question have not moved significantly. However, ONE has dropped 7.4% over the past 24 hours, with most of the fall coming in the past 5 hours. It is trading at $0.024 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.coingecko.com\/en\/coins\/harmony\">according<\/a> to CoinGecko.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/breaking-harmony-one-s-horizon-bridge-hacked-for-100m\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Breaking: Harmony&#8217;s Horizon Bridge hacked for $100M &#8220; The Horizon Bridge to the Harmony layer-1 blockchain has been exploited for $100 million in altcoins which are being swapped for Ether (ETH). The hack may vindicate previously raised community concerns about the robustness of the two of four multisig that reportedly secures the bridge.
Starting&#8230;<\/p>\n","protected":false},"author":1,"featured_media":466954,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDYvMjgzZjJjNzQtZjE4Ni00OWQzLTlhY2MtNjU1YTM5YjllOTQ3LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74894,74891,74892,88700,70944],"class_list":["post-466953","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-blockchain","tag-ethereum","tag-tokens","tag-uniswap","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/466953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=466953"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/466953\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/466954"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=466953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=466953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=466953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}