Latest Crypto Bridge Hack: Key Ecosystem Weakness
Harmony’s Horizon Bridge has been hacked for $100 million, making it the third major bridge hack this year and exposing a central weakness in the digital asset ecosystem, according to multiple reports.
Harmony said in a tweet that the hack of its Horizon bridge – which offers cross-chain transfers between Ethereum and Binance – is being handled by its own cybersecurity partners, exchanges, forensic specialists and authorities, including the FBI, “to identify the culprit and recover the funds stolen”.
Harmony’s Bitcoin bridge, stored in decentralized vaults, was unaffected by the hack, according to reports.
Matthew Barrett of Harmony said in a Medium post that “the team attempted to communicate with the hacker with an embedded message in a transaction addressed to the culprit”.
“Harmony believes that focusing on decentralized bridges is a key step forward for Web3. This incident is a humble and unfortunate reminder of how paramount our work is to the future of this space, and how much of our work remains ahead of us.”
Even before the Horizon hack, hackers had stolen more than $1 billion from bridges, Bloomberg reported. Because they use complicated technology managed by anonymous teams, bridges are particularly vulnerable to hacks. It is generally unclear how the funds are secured, Bloomberg reported.
Hackers stole more than $300 million from the Wormhole Bridge in February and an estimated $620 million in March from the Ronin Bridge, which is tied to play-to-earn video game Axie Infinity.
“The [Horizon] theft appears to have occurred due to private key compromise,” said Xuxian Jiang, chief executive of security firm PeckShield, who was contacted by Harmony for assistance, Bloomberg reported.
Four multi-signature wallets secure Harmony’s bridge, Jiang said, adding that authentication of at least two is required for validation and execution of a transaction.
The Ronin Bridge used a similar authentication method, with five out of nine validators required, according to Bloomberg.