Hackers took advantage of a system vulnerability that allowed them to make away with around $100 million from an apparent cryptocurrency bridge.
Horizon bridge, which is under the Harmony blockchain, allows users to swap coins between blockchains. Harmony announced the attack on Thursday morning and has stated that it has “begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
Horizon is the third to be attacked this year. Earlier this year, hackers managed to finesse over $300 million from the Wormhole bridge. In March, hackers stole $620 million from Ronin Bridge. The total lost value of bridge hacks has amounted to more than $1 billion dollars in the last few years, far before Horizon’s, says a Chainanalysis researcher.
Harmony’s native ONE token dropped 13% in the past 24 hours, according to crypto news site CoinGecko.
Xuxian Jiang, the chief executive officer of security from PeckShield, said, “The theft seems to have happened due to a private key compromise.”
Jiang continued that the Harmony bridge is managed and secured by four multi-signature wallets and authentication from at least two of them is required to validate and execute a transaction. Popular play-to-earn game, Axie Infinity, which was on the Ronin hack when it occurred, has since made moves to protect its users from similar cases by requiring 5 out 9 validators to log off.
Bridges are particularly vulnerable to hacks, as their technology is complex and they are often run by anonymous teams. The way they safeguard funds is often unclear. The amount of money locked on bridges connected to the Ethereum blockchain declined 60% in the last 30 days, to less than $12 billion, per tracker Dune.
The drop was triggered by a wider crypto market slump and liquidity concerns surrounding lender Celsius Network and crypto-focused hedge fund Three Arrows Capital.