ONE Keeps Trending Lower while Harmony Offers Hacker USD 1M in Bounty for Return of Funds
The team behind the layer-1 blockchain Harmony (ONE) has offered the Horizon Bridge hacker USD 1m in bounty for the return of some USD 100m in stolen funds.
“We commit to a [USD] 1M bounty for the return of Horizon bridge funds and sharing exploit information,” Harmony said in a Twitter post on Sunday, sharing a contact email and an Ethereum (ETH) address.
The company also pledged not to advocate for criminal charges when funds are returned.
Meanwhile, the blockchain’s native token ONE keeps dipping. At 7:26 UTC on Monday, the coin is down by more than 4% in a day and 11% in a week. Furthermore, it is down by nearly 94% compared to its all-time high.
The bounty is the latest attempt by the Harmony team to recover approximately USD 100m that was stolen last week from Horizon Bridge, a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC), and Harmony blockchain networks.
Harmony first revealed the exploit in a tweet in the early hours of Friday morning, saying that they had “identified a theft occurring this morning on the Horizon bridge amounting to approx. [USD] 100MM.” The team also claimed they began reaching out to cyber security specialists, exchanges, and the FBI.
The Harmony team stated that their investigation team is made up of engineers from around the world and across five time zones, including the US, Greece, India, and Cambodia.
In an update, blockchain analysis firm Elliptic said that the funds “were stolen on both Ethereum and Binance Smart Chain,” detailing that a variety of crypto assets were taken, including Ethereum, Binance Coin, Tether, USD Coin, and Dai, all of which were swapped for ETH.
Stephen Tse, founder and CEO at Harmony, said in a Sunday tweet that they have found no evidence of a smart contract code breach or any vulnerability on the Horizon platform.
“The team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge. Funds were stolen from the Ethereum side of the bridge,” Tse said.
Harmony’s private keys were “doubly encrypted using a passphrase and a key management service,” Tse claimed, adding that the attacker managed to access and decrypt a number of these keys and use them to sign the unauthorized transactions.
7/ We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident. We will continue taking steps to further harden our operations and infrastructure security.— stephen tse ❤️🔥 [email protected] (@stse) June 26, 2022
The Horizon Bridge hack follows a number of other bridge hacks so far this year that have cumulatively contributed to the loss of over USD 1bn, according to Elliptic.
Among the more notable bridge hacks, the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity, was exploited for more than USD 600m while decentralized finance (DeFi) platform Wormhole lost almost USD 325m to hackers in February.
– ONE Drops as Harmony’s Bridge Hacked for Almost USD 100M
– Axie Infinity’s Ronin Bridge to Re-Open After Hack, Locked Funds to Be Returned
– Osmosis DEX Hacked for USD 5M, Team Denies Liquidity Pools Being ‘Completely Drained’
– The Blame Game Begins as Bored Apes Co-Founder Criticized for Blaming Discord Following Another NFT Exploit
– Hacker Used ‘Social Media Data Leak’ to Steal USD 660K in Crypto from 90 Victims – Police
– Another Report Confirms That Criminal Behavior Keeps ‘Dropping as a Percentage of Overall Crypto Activity’