A popular cross-chain protocol, identified as Harmony Horizon Bridge has reportedly suffered exploitation, leading to a loss of about $100 million in altcoins. The protocol confirmed the development in a tweet conveyed via its official handle on Friday. As revealed, the exploiter pilfered the altcoins and consequently swapped them for ether. The harmony team has now responded swiftly by involving national authorities and forensic specialists to probe the exploitation.
Prior to the exploitation, community members of the protocol raised concerns as regards the efficiency of two of the four multisig securing the bridge. Now, the team traced and shared the account of the exploiter, which posseses about $99 ether. According to Harmony Horizon Bridge, the exploitation overtly began at around 7:08am till 7:26am ET. Furthermore, the protocol says the exploiter carried out 11 transactions from the bridge for numerous tokens.
The Harmony Horizon Bridge team also revealed that the exploiters have started relaying the stolen tokens to a different wallet for swapping. As revealed, the exploiter intends to convert the assets to ether on Uniswap exchange before resending to his wallet. The team announced its plan to undergo a post-mortem to discover the circumstances surrounding the exploitation. As of Press time, the native token of the protocol, identified as Harmony (One) as revealed by Coinmarketcap dropped by 9%.
According to reports, the Horizon Bridge usually fosters token transfer between Harmony and Ethereum, Binance chain, and Bitcoin. As a consequence of the exploitation, the harmony team reportedly suspended the bridge. It claims the BTC bridge and its assets were not affected by the exploitation.
Harmony Horizon Bridge, Ronin sidechain exploitations in the industry
Recall that token bridges have continued to become vulnerable to series of exploitations in recent times. As reported by Binbits, the Ronin sidechain, powering the Axie Infinity game endured an attack which resulted into the loss of about $650 million in March. According to reports, the exploitation manifested as one of the biggest exploitations ever experienced in the DeFi industry. The losses occasioned by the security breach amount to about 173,600 ether and 25.5 million in USDC. The current value of the losses, however, amounts to more than $6.25 million.
As reported, the exploiter employed an already hacked private key in forging fake withdrawals from the Ronin network. This, as indicated on Etherscan, however, manifested on two different transactions. According to the network’s blog post, the perpetrator discovered a backdoor via the gas-free RPC node. The attacker consequently abused this feature to access the signature for the Axis DAO validator. The post-mortem report indicted a North-Korean team as the mastermind of the attack.
More so, in August 2021, an exploiter raked over $611 million after hacking a cross-chain decentralized finance (DeFi) protocol Poly Network. Nevertheless, most of the carted funds became recovered.