Key facts:
The attack occurred on the Ethereum side of the Horizon Bridge, they reported.
The hacker is mixing the stolen cryptocurrencies and seems unwilling to return them.
Harmony offers USD 1 million as a reward to the hacker who a few days ago compromised the Horizon bridge, which connects its blockchain with Ethereum. In exchange, the attacker must return the almost USD 100 million that he stole.
In addition to the reward for collaborating, Harmony is also offering not to press charges against the hacker if he agrees to return the stolen money. Likewise, as the company stated from its official Twitter account, he will be asked to explain the vulnerability he found as a requirement for reaching this deal.
As CriptoNoticias reported, last week the Horizon bridge, which connects the Harmony and Ethereum blockchains, suffered a hack which resulted in the theft of USD 100 million in various cryptocurrencies and tokens. As a result of this, the Harmony developers notified the United States authorities and cryptocurrency exchanges to monitor the activity of the identified wallets.
Last Sunday, June 26, the founder of Harmony, Stephen Tse, posted on Twitter an analysis of the attack on Harmony that the company endorsed by retweeting it. In the thread, it is explained that evidence was found that the private keys were compromised, and that this allowed the attack on the Horizon Bridge. The funds were stolen from the Ethereum side of the bridge, says the developer and entrepreneur.
These private keys were in the custody of Harmony, double encrypted. The attacker was able to access several of them and decrypt them, and in this way he was able to sign the transactions to move the funds to his address.
Beyond the above, it is clarified that no security breaches were identified in the code of Harmony's smart contract, nor are there any vulnerabilities in the Harmony platform.
The hacker does not seem willing to negotiate with Harmony
Despite the company’s attempts, everything seems to indicate that the hacker of the bridge between Harmony and Ethereum has other intentions. As reported by security and analytics firm PeckShield Alert, 18,000 ethers (ETH) were moved from the hacker’s address to the Tornado Cash transaction mixer. Subsequently, another movement of 6,000 ETH was alerted.
In this way, the amount, equivalent to USD 29.2 million according to the CriptoNoticias price index, becomes more difficult to identify in its subsequent movements. This seems to be an indication that the hacker’s idea would not be to return what was extracted, but to “camouflage” it in order to keep all the loot.