The Harmony blockchain bridge is attacked and $100M is stolen. This is the third biggest bridge hack of 2022 and calls into question the security of bridges, the applications that allow crypto-assets to be transferred from one network to another.
What happened?
On Friday, June 24, 2022 a flaw in Horizon Bridge was exploited by a malicious hacker who stole nearly $100,000,000. A few hours later the team said on Twitter that they are in contact with the relevant authorities and are continuing their investigations. The bridge is currently stopped to avoid any further risk.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More
– Harmony (@harmonyprotocol) June 23, 2022
A bridge is an application that allows cryptocurrencies to be transferred from one blockchain to another. In the case of Horizon Bridge it was possible to transfer funds between the Harmony blockchain and Ethereum, the Binance Chain or Bitcoin. According to the Harmony team, the bridge with Bitcoin would not be impacted.
During this malicious operation, more than 10 cryptocurrencies were stolen, including WETH, BUSD, USDT, WBTC and USDC. The attacker then exchanged these cryptos for ETH on DEX Uniswap.
The application had been audited by the company PeckShield, which specialises in discovering and correcting flaws, but this does not ensure that the risk is non-existent.
Some people had already warned about the risk of hacking this particular bridge. In April 2022, an Internet user reported that only two out of four authorisations from the contract owners were required to authorise transactions. So it could be that two of the four addresses have been compromised or that it was a malicious act by part of the team
Since the current narative du-jour is bridges & bridge hacks, I wanted to do some digging on the harmony bridge on Ethereum which secures ~$330m worth of tokens.
– Ape Dev (@_apedev) April 1, 2022
These applications are prime targets for hackers because they are complicated to secure. Vitalik Buterin himself said he didn’t think the future would be “cross-chain” because of these security issues. You can find his full argument on Reddit.
What impact on Harmony?
This is the third biggest bridge hack so far this year after Wormhole and Ronin.
The price of ONE, a cryptocurrency in the Harmony ecosystem, has depreciated by nearly 10% in the last 24 hours.
What impact on other protocols?
It seems that the hack has caused problems within the Harmony ecosystem, especially in applications related to Decentralized Finance (DeFi). Indeed, stablecoins like USDC, BUSD or USDT lost their peg, i.e. their parity with the dollar. This has caused some protocols to malfunction.
We also see that the total locked value (TVL) in the decentralised finance of the Harmony blockchain has depreciated by almost 20% over the last 24 hours according to DefiLlama.
