On Thursday, June 23rd, Harmony, the crypto firm behind the layer-1 blockchain of the same name, announced on Twitter that it had been hacked for $100 million – again highlighting the severe vulnerabilities in the digital asset ecosystem. Details are scarce, but the vulnerability concerns lie within Harmony’s proprietary blockchain bridge (cross-chain bridge), known as “Horizon.”
Blockchain bridges allow investors to transfer their assets across a multitude of other blockchains, and in this case, it offered cross-chain transfers between Ethereum (ETH), Binance Smart Chain (BSC), and Harmony (ONE). For individuals to use these bridges to transfer their money, funds are locked on one blockchain and then unlocked on another.
Because these bridges maintain large volumes of liquidity, they are seen as tempting targets for these digital thieves.
There is a great deal of speculation as to what exactly could have happened. Earlier this year, some investors raised security issues on Horizon’s multisig wallet security and its reliance on a mere two signatures. Still, those fears seemed to have fallen on deaf ears. Multisig or “multi-signature” security is a relatively safe and effective way to protect your assets. They are crypto wallets that require two or more private keys to access the wallet and then be able to sign or send transactions. For personal use having two signatures is usually more than enough security. Still, in this case, when you are responsible for protecting so much investor liquidity, one would think that there would be more than just two signatures guarding the funds.
This hack marks the third major bridge attack this year, adding to the total amount stolen from blockchain bridges, which sits at over $1 billion.
In the 24 hours after news of the attack had broken, Harmony’s ONE had dropped about 13%. Perhaps a great buying opportunity.