Harmony Protocol’s Horizon Bridge was exploited to the tune of around $100 million in various crypto assets. Harmony identified a theft on the Horizon Bridge with the funds being sent to the attacker’s Ethereum address.
The protocol tweeted that it was working around the clock and was investigating with the FBI and multiple cyber security firms. It said the incident did not impact the trustless BTC bridge as funds and assets stored on decentralized vaults were safe. The latest hacking incident follows March’s Ronin bridge exploit which resulted in a loss of more than $600 million – the crypto industry’s largest-ever loss. Back in February, hackers made off with more than $300 million from the Wormhole bridge.
The Horizon bridge is the gateway between Harmony, a highly scalable proof-of-stake (PoS) Layer-1 blockchain, and other networks like Bitcoin, Ethereum, and Binance Chain. Concerns about the bridge were initially raised by Chainstride Capital’s founder in April. He revealed that the security was governed by a multisig wallet with four owners. The expert observed that only two were required to execute an arbitrary transaction. At that time, he said if two of the four multisig signers are compromised, there will be another “nine-figure hack”.
For bridges, multisig is a point of weakness for crypto protocols because not all signatories are required to conduct a transaction. But Harmony Protocol found it out the hard way.