U.S. based firm Harmony, the crypto start-up behind Horizon Blockchain Bridge, on Friday announced that $100 million worth of digital tokens were stolen from one of its key products.
For the unversed, Horizon Blockchain Bridge allows users to transfer their crypto assets including tokens, stablecoins, and NFTs, between Ethereum, Binance Smart Chain, and the Harmony blockchain.
The company said that on June 23, 2022, they became aware of a malicious attack being successfully carried out on its proprietary Horizon Ethereum Bridge, which compromised the bridge with 11 transactions that extracted tokens stored in the bridge. The estimated value of the stolen crypto at the time of the attack was approximately $100 million.
Harmony added that it had stopped the Horizon bridge to prevent further transactions. Incidentally, Harmony’s bridge for Bitcoin was unaffected by the attack; its funds and assets stored on decentralized vaults are safe at this time.
Following the attack, the company immediately notified multiple cyber security partners, exchange partners, and the FBI (Federal Bureau of Investigation) and requested to assist with an investigation in identifying the culprit and methods to retrieve stolen assets. Only after these contacts were established, Harmony announced the hack via Twitter and its blog post.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
— Harmony ? (@harmonyprotocol) June 23, 2022
The Harmony team even attempted communication with the hacker at its address: 0x0d043128146654c7683fbf30ac98d7b2285ded00 with an embedded message in a transaction at approximately 5:30 PM PST and is awaiting a response.
“Harmony believes that focusing on decentralized bridges is an essential step forward for Web3. This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work remains ahead of us,” the company said in a statement.
“Ongoing investigations present a challenge of what information is allowed to be shared with the public, but we will continue to provide updates with the latest information as soon as we are able to share,” it added.
“We are working around the clock to ensure both the investigation and recovery of stolen funds are concluded in the most time efficient manner possible.”
On Friday, the Harmony team said that they handed their findings to its U.S. colleagues who have resumed the investigation alongside its cyber security partners. Its investigation team comprises engineers located around the world including the U.S., Greece, India, and Cambodia.
This breach is the third major bridge hack this year after Wormhole bridge suffered a $325 million hack in February and Ronin Network lost more than $600 million in March due to a blockchain bridge attack. More than $1 billion has been stolen from cryptocurrency bridges in the year 2022 alone.