Cryptocurrency Emphasis: Everything you should know about the $100 million hacking of Harmony Network


Frax (FRAX), Wrapped Ether (wETH), Aave (AAVE), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC) and USD Coin (USDC) were stolen from the bridge through this exploit.

Harmony is a blockchain platform intended to make it easier to develop and use decentralized applications (DApps). By concentrating on random state sharding, which enables the production of blocks in a few seconds, the network seeks to reinvent the way decentralized applications operate.

The blockchain focuses on validation and processing speed. Block generation was revolutionized by the development of the Harmony mainnet. The platform hopes to accomplish this by implementing the sharding process, which will assist the business in drastically reducing node validation times. As a result, the network's Horizon Bridge can enable token transfers between Harmony and the Ethereum network, the Binance Chain, and Bitcoin.

Harmony established the Verifiable Random Function (VRF) for impartial and unpredictable shard membership, to assure the protection of nodes and the security of the validation process. This means that validators and nodes are randomly assigned and reassigned.

Effective Proof-of-Stake (EPoS) is a new proof-of-stake (PoS) consensus introduced by Harmony. Many validators can stake simultaneously using this method. This consensus technique was created in conjunction with the Harmony network’s sharding concept.

EPoS is intended for quicker processing times and increased scalability, in contrast to proof-of-work (PoW) consensus algorithms. Staking consensus methods rely on a large number of value holders who act as validators, whereas PoW demands a lot of electricity and computing resources.

In order to draw in more node operators, Harmony is also aiming to increase staking incentives. By rewarding stakeholders with the most ONE tokens, the Harmony Open Staking program promotes network interaction.

ONE token down over 50% in the last 30 days

Similar to many other layer 2 (L2) platforms, Harmony offers a native token called ONE that emphasizes the protocol’s goal of helping open consensus processes for billions of people worldwide.

The value of the ONE token, the native token of the Harmony Blockchain, has decreased by more than 50% over the past three months and by more than 25% over the past seven days. The price drop over the past week coincides with a gain in the overall cryptocurrency market, led by DeFi coins like COMP.

The Harmony consensus methodology makes use of the ONE token as a stake. Holders are rewarded for ensuring that the system functions properly and can win block rewards. Additionally, all platform features and activities, such as voting, transaction fees, gas costs, stakes, and reward earning, are paid for using the ONE token. Up until March 2020, the ONE token featured a dynamic inflation schedule. The inflation rate was then modified to a fixed annual rate.

The network was recently the victim of a $100 million hack, which is what led to the token’s collapse. One of the largest cryptocurrency breaches in recent weeks involved the Horizon bridge, a popular product on the Harmony network, from which over $100 million in cryptocurrencies was stolen.

What caused the $100 million hack

  • The Harmony development team announced that $100 million was siphoned from the Horizon bridge and the organization explained it was working with national authorities and forensic specialists.
  • Following the exploit, the very next day, Polygon’s chief information security officer, Mudit Gupta, said that the bridge was a 2 of 5 multi-signature scheme, which means that anyone with two of the addresses can take control of it.
  • “The hacker compromised 2 addresses and forced them to drain the money,” he further revealed. While the specifics aren’t yet known, Gupta described what he thinks happened during the hack. According to Gupta, “The two addresses were probably hot wallets intended to listen for and perform legitimate bridge transactions.”
  • He said, “Once inside the server, they had access to the unencrypted keys that were stored there for signing legitimate transactions. Social engineering or SSH key compromise, most likely, was the server exploit. This reminds me a lot of how Ronin was hacked.”
  • He then concluded by adding, “This was not a ‘Blockchain Hack.’ It was a ‘Traditional Hack.’ I’ve been begging protocols to focus on traditional security too alongside blockchain security for months now.”

What you should know

  • 11 transactions were made from the bridge for various tokens. The hackers have since begun sending tokens to a different wallet to swap for ETH on the Uniswap decentralized exchange (DEX), then sending the ETH back to the original wallet.
  • Frax (FRAX), Wrapped Ether (wETH), Aave (AAVE), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC), and USD Coin (USDC) were taken from the bridge through this exploit.
  • The Harmony project team offered a bounty equal to just 1% of the $100 million in crypto stolen from the Horizon Bridge hack last week.
  • Harmony tweeted on June 26 that the team had committed $1 million for the return of the funds that were stolen from the Horizon Bridge on Thursday. It added, “Harmony will advocate for no criminal charges when funds are returned.”
  • However, it looks like the hacker did not go ahead with the proposed $1 million bounty as on-chain analytics forensics company PeckShield revealed that the hacker began moving funds into the data privacy platform, Tornado Cash.
  • Blockchain data shows the exploiter wallet marked “Horizon Bridge Exploiter” moved over 36,000 ether (ETH), worth over $44 million, in the past 26 hours.
  • Harmony is aware of the movement and is collaborating with blockchain analysis firms and the U.S. Federal Bureau of Investigation (FBI) to catch the culprit, developers said in a tweet on Tuesday morning.
  • The exploiter transferred more than 18,000 ether (ETH), which is currently valued at over $22 million, to three wallets on Monday. The three wallets only contained a small number of Ethereum tokens when the coins were delivered to Tornado Cash.
  • The exploiter sent an additional 18,000 Ether to yet another wallet on Tuesday during Asian hours. From there, some 6,000 ether were transferred to a different wallet. According to blockchain data, the money was then delivered in additional batches of 100 ether each to the anonymity swap service Tornado Cash.
  • Tornado Cash severs the on-chain connection between a source and a destination address. This lets hackers and exploiters conceal their addresses when withdrawing money obtained illegally. Over 49,000 ether, or more than $59 million, remains in the main exploiter wallet.

The rise of Token Bridge attacks

In a January Reddit post, Vitalik Buterin outlined the problems with token bridges. He added that when bridges are misused, the liquidity of each chain that is impacted is put in jeopardy. The prospect of a 51 percent attack on one chain could pose a bigger risk of spreading to other chains as the number of token bridges rises, he continued. Since his forecast, the Wormhole Bridge, Ronin Bridge, and Token Bridge of Meter have all been exploited, for roughly $1 billion in total in 2022.

Attacks continue to pose a security risk when using multiple signatures. Only five of the nine validators on the Ronin Bridge were necessary to confirm a transaction. Over $600 million worth of assets were taken by the attacker when he gained control of the necessary five validators.

Questions had previously been raised about the reliability of Horizon’s multi-sig wallet on Ethereum, which only required two of the four signers to withdraw money. The low number of required signers would leave the bridge exposed for “another 9 figure hack,” said Chainstride Capital CEO Ape Dev on Twitter on April 2.
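
The two weaknesses discussed above, a low signing threshold and hot-wallet keys kept unencrypted on a server, can be checked together by asking how many hosts must fall before the threshold is met. This is an added example, not code from Harmony or from this article; the signer names, hosts, storage labels and the majority policy are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Signer:
    name: str
    host: str      # machine or custody domain that holds the key
    storage: str   # "plaintext", "encrypted" or "hsm"

def hosts_to_reach_threshold(signers, threshold):
    """Fewest hosts whose compromise alone exposes `threshold` signing keys.

    Assumption: only keys stored as plaintext fall to a host compromise.
    Returns None when host compromise alone cannot reach the threshold.
    """
    exposed = Counter(s.host for s in signers if s.storage == "plaintext")
    collected = 0
    # Each key lives on exactly one host, so fullest-host-first is optimal.
    for count, (_, keys) in enumerate(exposed.most_common(), start=1):
        collected += keys
        if collected >= threshold:
            return count
    return None

def audit(label, signers, threshold):
    """Return findings for one M-of-N layout (empty list means none)."""
    findings = []
    hosts = hosts_to_reach_threshold(signers, threshold)
    if hosts is not None:
        findings.append(f"{label}: {threshold}-of-{len(signers)} "
                        f"reachable by compromising {hosts} host(s)")
    # Illustrative policy, an assumption of this example: strict majority.
    if threshold * 2 <= len(signers):
        findings.append(f"{label}: threshold is not a majority of signers")
    return findings

# Constructed layouts; names, hosts and storage labels are illustrative.
COLD = [Signer(f"cold-{i}", f"custody-{i}", "hsm") for i in (3, 4, 5)]
SHARED_HOST = [Signer("hot-1", "bridge-server", "plaintext"),
               Signer("hot-2", "bridge-server", "plaintext")] + COLD
SPLIT_HOSTS = [Signer("hot-1", "bridge-server-a", "plaintext"),
               Signer("hot-2", "bridge-server-b", "plaintext")] + COLD

if __name__ == "__main__":
    for label, layout, m in [("shared host, 2-of-5", SHARED_HOST, 2),
                             ("split hosts, 2-of-5", SPLIT_HOSTS, 2),
                             ("shared host, 4-of-5", SHARED_HOST, 4)]:
        print(label, "->", audit(label, layout, m) or "no findings")
```

With both hot keys on one server, the 2-of-5 layout is only as strong as that single host; moving the keys out of plaintext or raising the threshold above the number of exposed keys removes the host-only path.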
