Harmony Protocol, which lost $100 million in a bridge attack earlier this week, announced a $1 million reward for the return of the stolen funds and an explanation of the breach.
Additionally, the firm specializing in cross-chain bridges announced that it will lobby against criminal charges once the funds are returned.
It provided an email address ([email protected]) and an Ethereum wallet address (0xd6ddd996b2d5b7db22306654fd548ba2a58693ac) through which the attacker can make contact.
It remains to be seen whether the hackers will accept the bounty, which is only 1% of the stolen funds. They held $98 million in stolen funds in their Ethereum wallets and around $1.79 million in Binance Smart Chain addresses.
Harmony first contacted the hackers on June 24, expressing their interest in negotiating, even anonymously.
Harmony exploit used leaked private keys
Proof-of-stake blockchain Harmony lost $100 million after hackers attacked the Horizon bridge used to transfer tokens between the Ethereum network and Binance Smart Chain. According to security firm PeckShield, the attack exploited leaked private keys.
Private information from two of the four crypto wallets supporting the bridge was used to transfer $100 million in ether, Binance Coin, and three stablecoins to an external wallet. According to forensics firm Elliptic, these were exchanged for ether via a decentralized exchange.
A Twitter user who goes by the pseudonym @_apedev pointed out the Harmony vulnerability in April.
Cross-chain bridge vulnerability
Blockchains have native tokens that are not compatible with other blockchains. For example, ether can only be used on the Ethereum blockchain, while bitcoin can be used on the Bitcoin network. Cross-chain bridges enable the exchange of tokens between different blockchains. However, they are complex, and the software is often developed by anonymous teams.
Using the currency of your choice on the Bitcoin network requires a bridge that converts your tokens into “wrapped bitcoins”, a voucher-like store of value on the target network. Smart contracts handle the conversion.
The wrapped bitcoins are underwritten by the actual bitcoins held on the bridge, which makes the bridge a target for hackers because it is often unclear how the funds on it are protected.
In the early days of cryptocurrencies, circa 2009, bridges were not needed because the Bitcoin network was the only blockchain. Fast forward 13 years, and the explosion of decentralized finance requires bridging the gap between blockchains.
In one of the biggest bridge hacks to date, more than $600 million was stolen in March from the Ronin bridge, which Sky Mavis uses for its game Axie Infinity. The hack was caused by a private key leak, bringing the total losses to bridge hacks to $1 billion.
Harmony’s ONE token fell to a seven-day low on June 24, trading at $0.0236. According to CoinGecko, it has recovered slightly to $0.0244 at press time.