On June 23, 2022, the Harmony development team announced that $ 100 million had been diverted from the Horizon Bridge and the organization explained that it was working with national authorities and forensic experts. According to a published account, Polygon’s head of information security, Mudit Gupta, the Horizon Bridge striker allegedly took control of the multi-signature portfolio seized at the Harmony Bridge.
The OSC of Harmony’s multi-exploited polygon says the founder of Harmony Protocol found evidence that “private keys were compromised.”
Three days ago, Harmony explained that it was attacked and the team witnessed $ 100 million diverted from the Horizon Bridge. “The Harmony team has identified a robbery that occurred this morning on the Horizon Bridge for an amount of approximately $ 100 [million]”We started working with national authorities and forensic specialists to identify the culprit and recover the stolen funds,” Harmony’s team added.
After the operation, the next day, Polygon’s head of information security, Mudit Gupta, said the bridge was a 2 out of 5 multiple signature scheme and anyone with two of the addresses can take control of it. . “The hacker compromised 2 addresses and made them run out of money,” Gupta added. Gupta said that although the details are not yet public, he summarized what he believes took place during the hacking. “The two addresses were probably hot wallets used to listen to and process legitimate bridge transactions,” Gupta explained.
“The attacker compromised the servers on which these hot wallets were running,” Polygon’s CSO wrote Friday. “Once inside the server, they could access keys that were stored in plain text to sign legitimate transactions. It is likely that operating the server was an SSH or social engineering key compromise. This is strangely similar to how it was hacked and Ronin “. The analyst also added:
This was not a “blockchain hack”. It was a “traditional hack.” I have been calling for protocols to also focus on traditional security along with blockchain security for months …
In addition, an incident report written by the founder of the Harmony protocol states that “the team has found evidence that the private keys were compromised, which led to the violation of our Horizon Bridge: funds were stolen from the side of Ethereum of the bridge “. The founder of Harmony also noted that “confidentiality is key to maintaining integrity as part of this ongoing investigation: the omission of specific details is to protect sensitive data in the interest of our community.”
Tags in this story 100 Million, 2 of 5 Multisignature Scheme, Confidentiality, Decentralized Finance, DeFi, Challenge Hacks, Harmony Hack, Harmony Protocol, Harmony Protocol’s Founder, Horizon Bridge, Horizon Bridge Exploit, Incident Report, Mudit Gupta, Multi- signature, Polygon CSO, Ronin Exploit, sensitive data, stolen funds
What do you think of the $ 100 million Harmony operation? Let us know what you think about this topic in the comments section below.
Jamie Redman
Jamie Redman is the head of Bitcoin.com News and a financial technology journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He is passionate about Bitcoin, open source, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.
Image credits: Shutterstock, Pixabay, Wiki Commons