On 24th June, Harmony, an open and fast blockchain that runs Ethereum (ETH) applications, reported a nearly $100 million theft on the Horizon Bridge. For those unaware, Horizon is a Decentralized Finance (DeFi) platform that enables the exchange of crypto assets between Binance Smart Chain, Ethereum, and Harmony. These assets include Fungible Tokens, Non-Fungible Tokens (NFT), and Stablecoins.
Elliptic, a blockchain analysis firm, published a report suggesting that the Lazarus Group, an infamous North Korean hacking syndicate, might be the primary suspect. This is because the methods employed to hack and launder the stolen assets were highly similar to those used by the Lazarus Group. The thief had converted most of the assets into ETH through Uniswap, a decentralized exchange (DEX), and then moved the ETH into Tornado Cash, an Ethereum-based mixer. The former is a common laundering technique, while the latter makes it difficult to follow the transaction trail.
Initially, Harmony had stated a bounty of $1 million. However, on 29th June, the Harmony team finalized that they will not investigate further, and the responsible party can retain $10 million if they return the remaining amount. Currently, the team is trying to strategize and restore funds for as many Horizon Bridge users as possible.
This year witnessed the hacking of not only Horizon Bridge but also Ronin Sidechain and Wormhole. These attacks suggest that the AMM (Automatic Market Maker) cross-chain bridges may be highly vulnerable. Alternatives such as peer-to-peer (P2P) bridges need to be explored.