Harmony (ONE) Offers $1M Bounty for Return of Stolen Funds

Please fol­low and like us:
Pin Share

Har­mo­ny Pro­to­col, which lost $100 mil­lion in a bridge attack ear­li­er this week, has announced a $1 mil­lion boun­ty for return­ing stolen funds and an expla­na­tion for the breach.

In addi­tion, the com­pa­ny, which spe­cial­izes in cross-chain bridges, announced that it would lob­by for no crim­i­nal charges after the mon­ey is returned. 

It sup­plied an email ([email pro­tect­ed]) and an Ethereum wal­let (0xd6ddd996b2d5b7db22306654fd548ba2a58693ac) address for the attack­er to get in touch.

It remains to be seen whether the hack­er will accept the boun­ty, which is only 1% of the stolen funds. They hold $98 mil­lion of the stolen funds in an Ethereum wal­let and about $1.79 mil­lion at a Binance Smart Chain address.

Har­mo­ny first reached out to the hack­er on June 24, indi­cat­ing that they were inter­est­ed in nego­ti­a­tions, even if done anonymously.

Harmony exploit used compromised private keys

Har­mo­ny, a proof-of-stake blockchain, lost $100 mil­lion after hack­ers tar­get­ed the Hori­zon bridge used for trans­fer­ring tokens between the Ethereum net­work and the Binance Smart Chain. The exploit used com­pro­mised pri­vate keys, accord­ing to secu­ri­ty firm Peckshield.

Pri­vate infor­ma­tion from two of four cryp­to wal­lets sup­port­ing the bridge was used to siphon $100 mil­lion in ether, Binance Coin, and three sta­ble­coins, to an exter­nal wal­let. Accord­ing to foren­sics firm Ellip­tic, these were swapped for ether using a decen­tral­ized exchange.

A Twit­ter user going by the pseu­do­nym @_apedev point­ed out the vul­ner­a­bil­i­ty to Har­mo­ny in April.

Cross-chain bridge vulnerabilities

Blockchains have native tokens incom­pat­i­ble with oth­er blockchains. For exam­ple, ether can only be used on the Ethereum blockchain, while bit­coin can be used on the Bit­coin net­work. Cross-chain bridges enable exchanges of tokens between dif­fer­ent blockchains. How­ev­er, they are com­plex, with soft­ware often devel­oped by an anony­mous team.

To use your cur­ren­cy of choice on the Bit­coin net­work involves using a bridge to con­vert your token to “wrapped bit­coin,” an alter­na­tive store of val­ue on the tar­get net­work sim­i­lar to a vouch­er. Smart con­tracts han­dle the conversion.

The wrapped bit­coin is under­writ­ten by actu­al bit­coins on the bridge, which become a tar­get for hack­ers since it is often unclear how the funds on the bridge are protected.

Bridges were not need­ed in the ear­ly days of cryp­to cir­ca 2009, as the Bit­coin net­work was the only blockchain. Fast for­ward 13 years lat­er, and you have the explo­sion of decen­tral­ized finance demand­ing the chasm between blockchains be bridged.

To date, one of the largest bridge hacks saw over $600 mil­lion stolen from the Ronin bridge used by Sky Mavis for their play-to-earn game Axie Infin­i­ty in March. This hack, which result­ed from a pri­vate key com­pro­mise, took the total loss from bridge hacks to $1 billion.

Harmony’s ONE token fell to a sev­en-day low on June 24, trad­ing at $0.0236. It recov­ered slight­ly to $0.0244 at press time, accord­ing to Coingecko.

Disclaimer

All the infor­ma­tion con­tained on our web­site is pub­lished in good faith and for gen­er­al infor­ma­tion pur­pos­es only. Any action the read­er takes upon the infor­ma­tion found on our web­site is strict­ly at their own risk.



Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published.