- The crypto industry witnesses attacks often, and Harmony is the latest victim.
- The unknown hacker managed to snatch away multiple assets like BNB, ETH, etc., which were bridged from Ethereum to Harmony.
- The attacker gained control of the multi-signature wallet used in the deployment of Harmony’s bridge, according to Polygon’s chief information security officer.
The cryptocurrency industry has witnessed several hacks and attacks since its inception. A recent example came on Thursday, when Harmony, a Proof-of-Stake (PoS) blockchain, lost $100 Million to theft on its Ethereum-linked bridge.
The unknown hacker managed to snatch away multiple assets like BNB, ETH, USDC, DAI, and USDT. The assets were earlier bridged from Ethereum to the Harmony blockchain via the Horizon bridge.
Harmony then said that it was working with law enforcement agencies and cyber security entities. But it was not clear how exactly the attack happened.
Although the team behind Harmony did not give a clear account, according to Polygon’s chief information security officer, Mudit Gupta, the attacker gained control of the multi-signature wallet used in the deployment of Harmony’s bridge.
A multi-signature wallet is a smart contract account managed with several private keys, which are divided among multiple entities instead of being held by a single person. According to Gupta, moving funds out of the bridge's wallet needed permission from a minimum of two out of five private keys, so the attacker might have accessed two private keys and gained that authority.
He highlighted that the bridge was a two-of-five multi-sig, so any two addresses could ask it to transfer funds to anyone. The attacker compromised two addresses and used them to drain the funds.
The smart contract security company CertiK described what the attacker did: it highlighted that the attacker carried out the exploit by somehow controlling the owner of the MultiSigWallet to confirm transactions directly, transferring large amounts of tokens from Harmony’s bridge.
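The threshold logic described above, as an added Python illustration (not code from Harmony, Gupta or CertiK): a minimal k-of-n wallet model showing that under a two-of-five policy two confirming keys are enough to execute a transfer, while the same two keys fall short under a higher threshold. The class, owner names, recipient and amount are constructed for this example and do not reproduce the bridge's contract.

```python
# Added illustration: minimal k-of-n multi-signature wallet model.
# Owner names, recipient and amount are constructed sample values.

class MultiSigWallet:
    def __init__(self, owners, required):
        if not 0 < required <= len(set(owners)):
            raise ValueError("required must be between 1 and the number of owners")
        self.owners = set(owners)
        self.required = required
        self.transactions = []

    def _check_owner(self, sender):
        if sender not in self.owners:
            raise PermissionError(f"{sender} is not an owner")

    def submit(self, sender, to, amount):
        """An owner proposes a transfer; proposing counts as that owner's confirmation."""
        self._check_owner(sender)
        self.transactions.append(
            {"to": to, "amount": amount, "confirmations": set(), "executed": False}
        )
        tx_id = len(self.transactions) - 1
        self.confirm(sender, tx_id)
        return tx_id

    def confirm(self, sender, tx_id):
        """Record one owner's confirmation; execute once the threshold is reached."""
        self._check_owner(sender)
        tx = self.transactions[tx_id]
        tx["confirmations"].add(sender)  # a set: repeat confirmations count once
        if not tx["executed"] and len(tx["confirmations"]) >= self.required:
            tx["executed"] = True
        return tx["executed"]


def transfer_executes(required, signing_keys,
                      owners=("owner1", "owner2", "owner3", "owner4", "owner5")):
    """Return True if the listed keys alone can push a transfer through."""
    wallet = MultiSigWallet(owners, required)
    tx_id = wallet.submit(signing_keys[0], to="recipient", amount=100)
    executed = wallet.transactions[tx_id]["executed"]
    for key in signing_keys[1:]:
        executed = wallet.confirm(key, tx_id)
    return executed


if __name__ == "__main__":
    two_keys = ["owner2", "owner4"]
    print("2-of-5, two keys sign:", transfer_executes(2, two_keys))
    print("4-of-5, two keys sign:", transfer_executes(4, two_keys))
```

The number of keys that must be held independently and securely is set by the threshold, not by the total number of owners.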
Source: https://www.thecoinrepublic.com/2022/06/25/harmonys-harmony-disrupted-analysts-says-100m-attacker-gained-control-of-multi-sig-wallet/