- The attacker carried out 16 malicious transactions ranging in value from 14,190 to 30 ETH.
- The attacker has not yet attempted to use a privacy protocol like Tornado Cash.
According to the Harmony team, roughly $100 million in different tokens have been stolen from the Horizon bridge. The Horizon cross-chain bridge of Harmony, an EVM-compatible Proof-of-Stake blockchain, was breached in a massive security incident.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More ?
— Harmony ? (@harmonyprotocol) June 23, 2022
According to a Friday morning tweet from the network’s developers, one of Harmony’s bridges, Horizon, has been hacked for about $100 million in different tokens. To help track down the perpetrator and perhaps recover the funds taken, it has already begun cooperating with national authorities and forensic specialists.
It seems that the exploit started at 12:02 UTC on Thursday and continued for around 15 hours, according to on-chain data. Before the Harmony team discovered the assault and shut down the Horizon bridge to prevent additional fraudulent transactions, the attacker carried out 16 malicious transactions ranging in value from 14,190 to 30 ETH. As soon as the attacker stole about $100 million worth of various tokens, they transmitted them to multiple wallets and traded them for Ethereum on the decentralized market Uniswap before returning them to the original wallet.
Surprisingly No Use of Tornado Cash
The attacker has not yet attempted to use a privacy protocol like Tornado Cash to anonymize the stolen assets, which is unusual for these sorts of attacks. The Office of Foreign Assets Control (OFAC) may add the attacker’s wallet to its sanctioned addresses blacklist to prevent Tornado Cash from being used to launder stolen assets again.
Security experts have surmised that the attacker may have access to at least two of the five multi-signature wallet private keys in charge of the Horizon bridge smart contracts. Still, Harmony has not revealed how the vulnerability was carried out.
Source: https://thenewscrypto.com/harmony-exploited-for-100m-after-attackers-target-horizon-cross-chain-bridge/