1. Home
  2. Horizon Bridge

Horizon Bridge

Harmony hacker sends stolen funds to Tornado Cash mixer

The exploiter seems to have rejected the Harmony team’s bounty offer of $1 million to return the $100 million stolen from the Horizon Bridge token bridge.

The funds from Harmony’s Horizon Bridge have begun to move into the Tornado Cash Ethererum mixer, signaling that the attacker has no intention of accepting the $1 million bounty offered.

The decision to obfuscate the ill-gotten gains answers questions about whether the Harmony team’s offer of just 1% of the $100 million in crypto funds stolen on June 24 would be enough to convince the exploiter to return them.

A total of 18,036.3 ETH worth about $21 million was moved out of the Horizon Bridge exploiter’s primary wallet at 03:10 am ET on June 28. These funds were then divided equally three ways and sent to three different addresses in single transactions respectively, over the next 10 hours.

Tornado Cash supports mixing a maximum of 100 ETH at a time, which means large sums can easily take several hours to mix. Mixing ETH is a privacy measure designed to obfuscate the transaction path of coins so they cannot be traced back to previous transactions.

The first and second wallets that received ETH from the exploiter’s primary wallet have completed mixing the coins and are now left with about 16.3 ETH collectively, an amount likely too small to bother with.

The third wallet was busy sending batches of 100 ETH to Tornado in eight-minute intervals and still had 2,800 coins remaining as of the time of writing.

Cointelegraph has not received a reply from the Harmony team on what it plans to do to replace the stolen funds in the bridge.

The project’s Twitter account reaffirmed on June 27 that the team was working with “two highly reputable blockchain tracing and analysis partners,” along with the Federal Bureau of Investigation, to investigate the hack.

About $80 million in ETH is still in the explorer's primary wallet. They could possibly return a portion of the stolen funds to Horizon, or they may be taking a break as it has taken the exploiter over 13 hours to mix just $21 million.

Although the initial haul was valued at about $100 million at the time, positive ETH price fluctuations have increased the dollar value to $101.5 million.

Stephen Tse, the founder of Harmony, confirmed on June 25 that the exploiter took control of the required two Horizon Bridge signees for the multisig address used to secure funds. He noted that the Ethereum side of the bridge affected by the exploit was moved to a more secure multisig wallet that required four signees.

Related: Axie Infinity to compensate Ronin exploit victims and relaunch bridge

Horizon is the latest in a growing list of token bridges that have been attacked. The largest token bridge to be hacked was Poly Network in 2021, which lost $610 million that was almost entirely returned.

In total, over $1 billion has been extracted from the Meter, Wormhole, Ronin, and now Horizon token bridges through nefarious means in 2022 so far.

VeraViews Integrates OnDemand’s Advanced AI Technology to Transform Ad Fraud Detection

Harmony offers $1M bounty, but is it big enough?

The Harmony team says it will offer $1 million to the hacker who exploited the Horizon Bridge for $100 million, but that may not be enough to get the funds back.

The Harmony layer-1 blockchain project team has offered a bounty equal to just 1% of the $100 million in crypto stolen from the Horizon Bridge hack last week. 

Harmony tweeted on June 26 that the team had committed $1 million for the return of the funds that were stolen from the Horizon Bridge on June 23. It added, “Harmony will advocate for no criminal charges when funds are returned.”

However, concerns have been raised that the modest bounty sum may not be enough to incentivize the attacker to return the funds.

The Horizon Bridge is a token bridge between the Harmony blockchain and the Ethereum network, Binance Chain, and Bitcoin. The Bitcoin bridge was not affected in this exploit.

Compared to other high-profile exploits this year, Harmony’s bounty offer ranks low. The $10 million offered to the Rari Fuse attacker in May was 12.5% of the total stolen. The Beanstalk Finance team offered $7.6 million which was 10% of the total exploited from the protocol in April.

Harmony’s bounty offer is so low that the crypto trader known on Twitter as Degen Spartan called it an “insulting amount.” He added, “imagine losing 100m and thinking you're in a position to lowball for a 1% bounty lmwo these people are just doing performance art to mitigate legal liability.”

In an incident response update on the Horizon bridge hack on June 25, Harmony founder Stephen Tse tweeted that the hack was not the result of a smart contract code breach, instead, the team found evidence that private keys were compromised which led to the breach of the bridge.

Tse said that the Ethereum side of the bridge had migrated “to a 4-5 multisig since the incident.” The vulnerability of the multisig wallet requiring just two out of five signers was brought up by a community member in April, but the issue was not addressed by the Harmony team until now.

A multisig wallet is a crypto wallet that requires multiple key holders to approve a transaction. These wallets are commonly used at crypto projects.

As of the time of writing, the Horizon Bridge hacker has not moved the stolen funds into Tornado Cash, an Ether (ETH) mixer, or any other anonymizer.

Related: How can crypto stop getting hacked?

Hope is not lost for Harmony, as its $1 million bounty is not the smallest proportional to the amount of funds lost. In 2021, the Poly Network interoperability platform was hacked for $610 million. The team’s bounty offer of $500,000 was 0.08% of the total stolen. The offer was rejected, but luckily the funds were returned anyway.

VeraViews Integrates OnDemand’s Advanced AI Technology to Transform Ad Fraud Detection

Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst

Harmony’s 0M Hack Was Due to a Compromised Multi-Sig Scheme, Says AnalystOn June 23, 2022, the Harmony development team announced that $100 million was siphoned from the Horizon bridge, and the organization explained it was working with national authorities and forensic specialists. According to an account published Polygon’s chief information security officer, Mudit Gupta, the Horizon bridge attacker allegedly took control of the multi-signature wallet leveraged […]

VeraViews Integrates OnDemand’s Advanced AI Technology to Transform Ad Fraud Detection

Breaking: Harmony’s Horizon Bridge hacked for $100M

The layer-1 blockchain’s main bridge between Ethereum, Binance Chain, and Bitcoin has been exploited for nine figures, but says its BTC bridge has not been affected.

The Horizon Bridge to the Harmony One layer-1 blockchain has been exploited for $100 million in altcoins which are being swapped for Ether (ETH).

The hack may vindicate previously raised community concerns about the robustness of the two of four multisig that reportedly secures the bridge.

Starting at about 7:08 am until 7:26 am ET, 11 transactions were made from the bridge for various tokens. They have since begun sending tokens to a different wallet to swap for ETH on the Uniswap decentralized exchange (DEX), then sending the ETH back to the original wallet.

So far, Frax (FRAX), Wrapped Ether (WETH). Aave (AAVE), Sushi (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD). Dai (DAI), Tether (USDT), Wrapped BTC (WBTC), and USD Coin (USDC) have been stolen from the bridge through this exploit.

The Horizon Bridge facilitates token transfers between Harmony and the Ethereum network, Binance Chain and Bitcoin. Harmony, the operator of the bridge, announced late on June 23 that the bridge has been halted. It said the BTC bridge and its assets have not been affected by the attack.

The Harmony One team also said it was working with “national authorities and forensic specialists” to determine who is responsible. A post-mortem is sure to follow.

The developers and the co-founder of Harmony One Nick White did not respond to requests for comment. Harmony One is a layer-1 blockchain using proof-of-stake consensus. Its native token is ONE.

Concerns have previously been expressed as to the soundness of Horizon’s multisig wallet on Ethereum which only required two out of the four signees to drain the funds. A founder of Chainstride Capital crypto-focused venture fund Ape Dev noted on Twitter April 2 that the low number of required signers would leave the bridge open for “another 9 figure hack.”

Ape Dev’s prediction appears to have become a reality as the bridge is now down $100 million in assets.

He is far from the only developer in crypto to have qualms with the security of token bridges.

Vitalik Buterin discussed the issues with token bridges in a Reddit post this January. He posited that when bridges get exploited, it threatens the liquidity on each chain affected. He added that as the amount of token bridges increases, the threat of a 51% attack on one chain could present greater contagion risk to others.

Since his prediction, Meter’s token bridge, Axie Inifinity’s Ronin Bridge and the Wormhole Bridge were each exploited for nearly a combined $1 billion.

Multisigs are an ongoing security issue in attacks. The Ronin Bridge was secured by nine validators, only five of which were required to verify a transaction. The attacker took control of the required five validators and extracted over $600 million in assets.

Related: Chainalysis launches reporting service for businesses targeted in crypto-related cyberattacks

The market does not yet appear to have responded to the attack as prices of all the coins and tokens in question have not made a significant move. However, ONE has dropped 7.4% over the past 24 hours, with most of the fall coming in the past 5 hours. It is trading at $0.024 according to CoinGecko.

VeraViews Integrates OnDemand’s Advanced AI Technology to Transform Ad Fraud Detection