Horizon, a cross-chain bridge on Harmony layer-1 blockchain, was exploited on June 23, 2022. According to the official statement, the hackers stole crypto assets worth 100M in USD. Later, Harmony announced they have successfully singled out the suspect behind the exploit.
Recently, crypto exploits have become quite common with blockchain networks losing millions in one go. The most famous case was the Ronin Network hack in March 2022 where hackers stole around $620M through a security breach, and many other similar cases have spanned over the years.
As the crypto market suffers from harsh winter, the hackers seem to be making it worse. Amidst this, a bridge token hack is the worst as it affects the liquidity of all chains attached to it. The same thing happened with Harmony’s Horizon Ethereum Bridge.
Hackers hack into Horizon Bridge
Horizon Bridge is a cross-chain infrastructure that enables users to make transactions across Ethereum, BSC, Bitcoin, and Harmony. This bridge exists on layer 1 of Harmony’s network and plays an essential role in doing crypto transfers from one blockchain to another in the DeFi industry.
On June 24, the official Twitter account of Harmony tweeted that its Horizon bridge was exploited. According to the official statement, Hackers found a weak link that gave them access to the Horizon Ethereum bridge. During this time, 11 transactions extracted tokens stored in the bridge during multiple transactions.
This alarmed the Harmony team and they immediately contacted multiple cyber security partners, exchange partners, and the FBI to investigate the case and retrieve the stolen crypto assets as soon as possible.
The team found out that the Ethereum bridge was badly exploited but thankfully the Bitcoin bridge remained unharmed.
Harmony identifies the hacker
The team updated the Twitter thread with a wallet address link following the announcement of the exploit and investigation. The team was able to successfully single out an individual with a wallet address holding a similar amount to what was stolen from the bridge.
Based on the analysis, the 11 wallet transactions began sending tokens to a different wallet to swap for ETH tokens through Uniswap, and then returned ETH tokens again in the original wallet. The wallet address provided by Harmony currently holds 85,867 ETH, which is around $104,360,498.
According to the official statement, the team has contacted the suspect behind the hack through an embedded message in a transaction to the culprit’s address. As of now, the blockchain network hasn’t provided any more updates to the case except that it discontinued the bridge operations for the time being.
“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands on deck as investigations continue,” the tweet reads.
Why did the hack happen?
Many experts believe that the reason for the hack is due to the weak link within the bridge. According to CNBC, the security of Harmony only required two signatures to make transactions on the bridge. The hackers were able to find the private keys of a crypto wallet which gave them access to the crypto assets.
Bridges initiate transactions on a daily basis on DeFi as users switch between blockchains for various reasons. It is important for blockchains to ensure the bridges are safe from broken or weak links that might lead to severe consequences.
Hackers are always on the lookout for loopholes within blockchain so, it is the responsibility of the developers to ensure hackers don’t get the chance to exploit them.
Following the Horizon bridge hack, Harmony’s token (ONE) prices plunged down drastically. Currently, ONE is trading at the price of $0.02489.