Hackers pull $ 100 million in cryptocurrency from blockchain bridge Harmony

by Arthur · July 5, 2022

Hackers got away with around 100 million dollars in cryptocurrency from a so-called blockchain bridge run by Harmony, which contributed to More than $ 1 billion has already been stolen in crypto so far this year.

Harmony said it alerted other exchanges and stopped the bridge, called Horizon, to prevent further transactions while the company investigates the theft. An individual account is believed to be behind the robbery, the company said on Thursday in a series tweets.

The 1 / Harmony team has identified a theft that happened this morning on the Horizon Bridge of approx. $ 100 million. We have begun working with national authorities and forensic specialists to identify the culprit and recover the stolen funds.

More 🧵

– Harmony 💙 (@harmonyprotocol) June 23, 2022

4 / We have also notified exchanges and stopped the Horizon Bridge to prevent further transactions. The team is all hands on deck while the investigation continues.

We will keep everyone updated as we investigate this further and gather more information.

– Harmony 💙 (@harmonyprotocol) June 23, 2022

The company “is working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” Harmony said of the Horizon Bridge theft that makes it possible to exchange coins from several blockchains. In a later tweet, Harmony said they were working with the Federal Bureau of Investigation and cyber security firms to investigate the attack.

Harmony did not immediately respond to a request for comment.

Shaking bridge

Harmony and other so-called blockchain bridges were developed to accept more tokens as more cryptocurrencies are used and users look to make transfers easier. Horizon offers chain exchange between Ethereum and Binance Smart Chain.

However, bridges are seen as particularly vulnerable to attack and are often targeted by cybercriminals, with $ 1.3 billion stolen from bridges in the first three months of the year, according to an estimate by researcher Chainalysis.

Attack on Crypto.com in January, Wormhole in February and Ronin Network in March each resulted in losses of several million dollars. Web security experts say hackers often target decentralized finance, or DeFi, platforms with weak security.

DeFi services are usually built on public blockchains, allowing users to exchange crypto back and forth without the need for an established financial institution such as a bank or credit union.

In another attack in April, hackers stole $ 182 million from the DeFi service Beanstalk Farms. PeckShield, a blockchain security company in China, said the thieves used a “flash loan” to exploit security vulnerabilities in Beanstalk. A flash loan is an unsecured loan that circumvents the need for collateral from the borrower by using smart contracts that require repayment by the end of a transaction – usually within seconds or minutes.