Hackers Steal $100 Million by Exploiting Crypto’s Weak Link

HThe theft of $100 million by a “crypto-bridge” reveals a major vulnerability in the ecosystem.

Blockchain Harmony was founded in tweetIt was Thursday morning that its Horizon bridge was hacked. This allows users to exchange coins between various blockchains. It has “begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”

A majority of crypto-world is split into separate silos. For example, the Bitcoin and Ethereum networks can only work with Ethereum tokens and Bitcoin. Harmony is developing bridge platforms that allow for the exchange of tokens between different blockchains as more crypto currencies become mainstream.

Learn More The Man Behind Ethereum Is Worried About Crypto’s Future

Hackers are most likely to target bridges because they have complex technology, and are frequently run by anonymous teams. It is not always clear how they protect funds. These hackers are skilled and have targeted them repeatedly.

Harmony’s native ONE token, used to pay transaction fees, earn rewards or vote on changes to the platform, dropped 12% over the past 24 hours, according to CoinGecko. According to Harmony’s website the total value of Harmony’s underlying blockchain is more than $1 billion.

It wasn’t immediately clear whether any user funds had been stolen.

‘Private Key Compromise’

The attack on Horizon, which offers cross-chain transfers between Ethereum and Binance’s Smart Chain, marks the third major bridge hack this year. More than $300 million was taken from Wormhole’s bridge by hackers in February. A month later, $620million was stolen from Ronin Bridge.

Chainalysis estimates that more than $1Billion had already been taken from bridges before the Horizon hack.

In Horizon’s case, “the theft seems to have happened due to a private key compromise,” said Xuxian Jiang, chief executive officer of security firm PeckShield, which has been contacted by Harmony for support. Harmony has not yet responded to our requests for comment.

The Horizon bridge is managed and secured by four wallets, Jiang said, and an authentication from at least two of the wallets—each supported by multiple signatures —is required to validate and execute a transaction. Jiang explained that the attacker had the ability to breach the wallets’ private data and trigger transactions which drew funds from the Horizon bridge into an external wallet.

Researchers Elliptic stated that hackers stole Ether, BNB, and stablecoins Tether and USDC from the hackers. tweet. Those tokens were then swapped for Ether using so-called decentralized exchanges in what Elliptic called “a commonly-seen technique with these hacks.”

Ronin Hack

Horizon utilizes the same security method as the Ronin bridge. It is connected to Axie Infinity which requires five of the nine validators to sign off when it was compromised. Harmony, as described on its website is very popular for games like DeFi Kingdoms and Mars Colony.

After the Ronin attack, which was attributed to a North Korean hacker group, owner Sky Mavis sharply increased the number of validators required to sign off on transactions—pledging to eventually boost it to over 100.

Learn More Bitcoin will soon be available in your 401(k) But Your Employer Probably Won’t Let You Invest in It

Thursday’s attack on the Horizon bridge followed an exploit related to five user wallets on Harmony’s network in January, in which the company said a thief had siphoned 19,314,598 ONE tokens, worth roughly $5.8 million at the time.

Tracker Dune reported that the value of bridges linked to Ethereum blockchain decreased by 60% to $12 billion in 30 days. It was caused by liquidity concerns around large crypto companies such as Celsius Network and Babel Finance.

Updates to provide context starting at the third paragraph, and continuing throughout

–With assistance from Suvashree Ghosh Tanzeel Akhtar.

Reach out to usSend your letters to time@time.com