In the latest major crime in the world of decentralised finance, hackers took $100 million in cryptocurrencies from Horizon, a so-called blockchain bridge.
The details of the attack are still sketchy, but Harmony, the creators behind Horizon, claimed Wednesday morning that they had identified the theft. Harmony has identified an individual account as the offender.
“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the start-up said in a tweet late Wednesday.
In a subsequent tweet, Harmony stated that it is investigating the incident in collaboration with the Federal Bureau of Investigation and various cybersecurity firms.
Blockchain bridges play an important role in the DeFi space, allowing users to transfer assets from one blockchain to another. In the instance of Horizon, users can send tokens from the Ethereum network to the Binance Smart Chain. Harmony said the attack did not affect a separate bridge for bitcoin.
Bridges, like other aspects of DeFi, which intends to reconstruct traditional financial services such as loans and investments on the blockchain, have become a favourite target for hackers due to flaws in their underlying programming.
According to Jess Symington, research head at blockchain analysis firm Elliptic, bridges “keep substantial stocks of liquidity,” making them a “tempting target for hackers.”
“In order for individuals to use bridges to move their funds, assets are locked on one blockchain and unlocked, or minted, on another,” Symington said. “As a result, these services hold large volumes of cryptoassets.”
Harmony has not explained how the monies were obtained. However, one investor expressed concerns about the Horizon bridge’s security as early as April.
The Horizon bridge’s security was based on a “multisig” wallet that required only two signatures to commence transactions. Some analysts believe the attack was caused by a “private key compromise,” in which hackers gained the password, or passwords, required to access a cryptocurrency wallet.
It comes after a slew of high-profile hacks on other blockchain bridges. The Ronin Network, which hosts the crypto game Axie Infinity, lost more than $600 million in a March security incident. Another popular bridge, Wormhole, lost approximately $320 million in a different breach a month earlier.
The robbery is the latest in a string of bad news for cryptocurrency. After a steep drop in the value of their assets caused a liquidity bottleneck, crypto lenders Celsius and Babel Finance froze withdrawals. Meanwhile, Three Arrows Capital, a troubled crypto hedge fund, may default on a $660 million debt from brokerage firm Voyager Digital.
(Adapted from Reuters.com)