Horizon suffered a major hack on Wednesday morning that drained two-thirds of its total capital. Taking a mixture of stablecoins, blockchain tokens, and DeFi tokens, the hacker got away with $100 million worth of ether, BNB, USDT, USDC, dai, AAVE, and SUSHI.
When the attack took place, Harmony developers identified an individual account that they believed to be the culprit and announced it in a tweet. In a follow-up tweet, Harmony said it is working with the Federal Bureau of Investigation and multiple cybersecurity firms to investigate the incident.
Serving as Harmony’s main bridge between Ethereum and Binance Smart Chain blockchains, Horizon allows users to transfer assets like tokens, stablecoins, and NFTs across platforms. And because bridges “maintain large stores of liquidity,” they are a “tempting target for hackers,” according to Jess Symington, research lead at blockchain analysis firm Elliptic.
“In order for individuals to use bridges to move their funds, assets are locked on one blockchain and unlocked, or minted, on another,” Symington said. “As a result, these services hold large volumes of crypto-assets.” According to the company’s website, there is currently over $51,629,097 worth of BNB and ETH locked into the Horizon bridge, making it ripe for cyber attacks.
Although it is not yet clear how the hacker got away with the funds, the security of the Horizon bridge hinges on a “multisig” wallet that requires only two signatures to initiate transactions. Some researchers speculate the breach was the result of a “private key compromise,” where hackers obtained the password, or passwords, required to gain access to a crypto wallet.
Horizon was not available for comment.