Horizon, a bridge whose function is to interconnect the Harmony blockchain with that of Ethereum, suffered a hack that caused losses of approximately USD 100 million. The company is working to find the culprit and recover the funds together with the United States authorities.
As detailed by the Harmony team in a twitter thread, a address related to the attacker has just over 85,867 ethers (ETH) at the time of writing this note. According to the CriptoNoticias price index, the figure is equivalent to USD 97.5 million.
The funds that the attacker managed to steal were mined in various cryptocurrencies and tokens, such as DAI (DAI), Tether (USDT), USD Coin (USDC) and Binance USD (BUSD), wrapped Ethereum (wETH), wrapped Bitcoin (wBTC), SushiSwap (SUSHI), Aave (AAVE), Frax (FRAX) , FraxShare (FXS) and AAG (AAG). The hacker’s addresses are already tagged as “Horizon Bridge Exploiter“, as you can see on the Etherscan block explorer.
One of the first steps developers took after the attack was to alert exchanges to possible moves that can be made to or from the hacker’s address. Furthermore, they reported that They will continue to investigate the event in conjunction with the United States Federal Bureau of Investigation (FBI) and that they will inform when they have more news.
In the post, Harmony highlighted that the bridge with Bitcoin has not been affected and that your funds are safe. However, this could have its repercussions on other protocols. In this sense, the decentralized finance (DeFi) protocol Aave reported that is monitoring the situation of what happened with Harmony so that it does not affect its users.
What is Harmony and what was its bridge with Ethereum used for?
Harmony is a blockchain that is characterized, as described in its twitter profile, for allowing the development and execution of Ethereum applications with “delays of only two seconds and 100 times lower commissions” than in the main layer of said network.
The bridge that links Harmony with Ethereum, called Horizon, has the main purpose of allow the exchange of crypto assets between those networks and also others, such as Bitcoin and BNB Chain (former Binance SmartChain). What this bridge does is lock a certain amount of funds on one side (i.e. on one network) and unlock an equivalent in another token or cryptocurrency so that it can be used on the other network.
This is how Horizon works, but an attacker was able to intercept this mechanism and take advantage of it to keep funds that should have been blocked in one of the networks involved. A similar and high-profile attack occurred this year on the Ronin Bridgethe blockchain of the famous game play-to-earn Axie Infinity, which ended with a theft of 174,000 ETH.