One of the biggest cryptocurrency breaches in recent weeks occurred after the Harmony Network discovered a theft on one of its well-known products, Horizon Bridge.
Harmony posted an announcement regarding the incident through its Twitter account. They said that the Harmony team has spotted a theft occurring this morning on the Horizon bridge amounting to approx. $100MM.
“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” they said.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
— Harmony 💙 (@harmonyprotocol) June 23, 2022
The culprit swapped the stolen funds for ETH
The tweets claim that the offender exchanged the stolen cryptocurrencies for Ether (ETH), and his address was revealed.
Through this vulnerability, Wrapped Ether (wETH), Binance USD (BUSD), Aave (AAVE), Frax (FRAX), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC) and USD Coin (USDC) have been stolen so far.
The offender’s ERC address currently contains 85,867.26 Ether, 990 Aave Tokens, and a very small number of additional tokens, totalling $100,924,948.
Blockchain data also shows that the attacker has not yet transferred any funds to exchanges or privacy swap services. The Horizon bridge allows users to exchange assets, such as tokens, stablecoins, and NFTs, between Ethereum, Binance Smart Chain (BSC), and Harmony blockchains.
The trustless BTC bridge’s funds and assets are currently secure since they are housed in decentralised vaults, according to the Layer-1 blockchain network. They insisted that in order to prohibit additional transactions, they had also alerted exchanges and shut down the Horizon bridge. The team is working continuously as the investigations proceed.
However, the domestic intelligence and law enforcement agency of the United States, the Federal Bureau of Investigation (FBI), as well as a number of cybersecurity companies have joined the hunt for the attacker, they announced in a subsequent tweet, promising to keep everyone informed as they look into this further and obtain more information.
Harmony is working around the clock as we continue our investigation alongside the FBI and multiple cyber security firms.
Updates will be shared as information is gathered.
— Harmony 💙 (@harmonyprotocol) June 24, 2022
The attack increases the number of bridge-targeting flaws this year, which enable users to transfer tokens between blockchains, bringing the total loss to be more than $1 billion in 2022 alone. Wormhole Bridge suffered a $326 million attack in February, while Ronin was the target of a $625 million vulnerability in April.