Fun

Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst

News Feed - 2022-06-27 03:06:36

Harmony"s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst


On June 23, 2022, the Harmony development team announced that $100 million was siphoned from the Horizon bridge, and the organization explained it was working with national authorities and forensic specialists. According to an account published Polygon’s chief information security officer, Mudit Gupta, the Horizon bridge attacker allegedly took control of the multi-signature wallet leveraged in Harmony’s bridge. Harmony’s Multi-Sig Exploited Polygon’s CSO Says, Harmony Protocol’s Founder Found Evidence That ‘Private Keys Were Compromised’


Three days ago, Harmony explained that it was attacked and the team witnessed $100 million siphoned from the Horizon bridge. “The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100 [million],” Harmony tweeted on Thursday. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the Harmony team added.


Following the exploit, the very next day, Polygon’s chief information security officer, Mudit Gupta, said that the bridge was a 2 of 5 multi-signature scheme, and anyone with two of the addresses can take control of it. “The hacker compromised 2 addresses and made them drain the money,” Gupta added. Gupta said while the details aren’t public yet he summarized what he believes took place during the hack. “The two addresses were likely hot wallets used to listen for and process legit bridging transactions,” Gupta explained.


“The attacker compromised the server(s) that these hot wallets were running on,” the Polygon CSO wrote on Friday. “Once inside the server, they could access the keys that were kept in plaintext for signing legit transactions. The server exploit was likely either SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.” The analyst further added: This was not a ‘Blockchain Hack.’ It was a ‘Traditional Hack.’ I’ve been begging protocols to focus on traditional security too alongside blockchain security for months now…


Furthermore, an incident report written by the Harmony Protocol’s founder says “the team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge — Funds were stolen from the Ethereum side of the bridge.” The Harmony founder also noted that “confidentiality is key to maintain integrity as part of this ongoing investigation — The omission of specific details is to protect sensitive data in the interest of our community.” Tags in this story 100 million, 2 of 5 multi-signature scheme, Confidentiality, decentralized finance, DeFi, defi hacks, Harmony Hack, Harmony Protocol, Harmony Protocol’s founder, Horizon Bridge, Horizon bridge Exploit, incident report, Mudit Gupta, Multi-signature, Polygon CSO, Ronin Exploit, sensitive data, Stolen funds


What do you think about the Harmony exploit for $100 million? Let us know what you think about this subject in the comments section below. Jamie Redman


Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today. Yuga Labs Sues Artist Ryder Ripps for "Scamming Consumers" and Misusing Bored Ape Trademarks NEWS | 3 hours ago Crypto Firm Voyager Digital Secures a $500M Line of Credit From Alameda Ventures to Cope With 3AC Exposure NEWS | 8 hours ago


Image Credits: Shutterstock, Pixabay, Wiki Commons Previous articleCrypto Firm Voyager Digital Secures a $500M Line of Credit From Alameda Ventures to Cope With 3AC Exposure Next articleYuga Labs Sues Artist Ryder Ripps for ‘Scamming Consumers’ and Misusing Bored Ape Trademarks Show comments More Popular NewsIn Case You Missed ItTony Hawk"s Latest NFTs to Come With Signed Physical Skateboards


Last December, the renowned professional skateboarder Tony Hawk released his “Last Trick” non-fungible token (NFT) collection via the NFT marketplace Autograph. Next week, Hawk will be auctioning the skateboards he used during his last tricks, and each of the NFTs ... read more.SEC Risks Violating Admin Procedure Act by Rejecting Spot Bitcoin ETFs, Says Grayscale Bill ‘On Digital Currency’ Caps Crypto Investments for Russians, Opens Door for Payments Goldman Predicts US Recession Odds at 35% in 2 Years, John Mauldin Wouldn"t Be Surprised if Stocks Fell 40% Terra"s Algorithmic Dollar-Pegged Crypto UST Is Now the Third-Largest Stablecoin

News Feed
Senators Warren, Grassley want details on CFTC’s communications with FTX
Derek Andersen2 hours agoSenators Warren, Grassley want details on CFTC’s communications with FTXThe bipartisan letter writers also want to know when the agency found out about the wrongdoing at the crypto exchange.638
2024-04-16 06:44 AM
Tanzanian Central Bank Preparing for CBDC to Ensure Country Is Not Left Behind
Tanzanian Central Bank Preparing for CBDC to Ensure Country Is Not Left Behind Florens Luoga, the governor of the Bank of Tanzania, said the apex bank has kickstarted preparations
2021-11-28 16:00 PM
Gareth Jenkinson1 hour agoBNB Chain hard fork to improve security and compatibility with EVM chainsBinance’s BNB Chain is set for two upgrades aimed at improving the finality of the network and compatibility with other
2023-08-10 16:44 PM
Bittrex Target of Latest $1 Million Crypto SIM Hack Lawsuit
Crypto exchange Bittrex is being sued over a SIM swap that netted criminals 100 bitcoin, currently worth nearly $1 million. The case resembles other recent high-profile heists in wh
2019-11-04 11:30 AM
WazirX hacker consolidates $57M ETH into new wallets
Zoltan Vardai14 hours agoWazirX hacker consolidates $57M ETH into new walletsThe hacker behind the $230 million WazirX hack has moved another $57 million of the stolen funds as the exchange doubles down on its bug bounty
2024-07-22 18:28 PM
Binance’s US settlement was a ‘turning page,’ says exec
Jesse Coghlan3 hours agoBinance’s US settlement was a ‘turning page,’ says execBinance institutional and VIP head Catherine Chen says it has “fully” embraced the challenges that came after the exchange’s $4.3
2024-04-11 14:46 PM
Savannah Fortis1 hour agoGoogle requests dismissal of AI data scraping class-action suitGoogle argued in its motion to dismiss the claims that using publicly available information shared on the internet is not “stealin
2023-10-18 07:37 AM
‘Bank of Jamaica Will Roll Out Digital Jamaican Dollar in 2022,’ Says Prime Minister
"Bank of Jamaica Will Roll Out Digital Jamaican Dollar in 2022," Says Prime Minister According to an announcement from Jamaica’s Prime Minister Andrew Holness the Bank of Ja
2022-02-14 16:30 PM
Amaka Nwaokocha10 hours agoUS lawmakers introduce CLARITY Act to limit federal ties with Chinese blockchainThe act aims to explicitly forbid U.S. government officials from engaging in transactions with iFinex, the parent
2023-11-09 22:04 PM
Tron DAO Reserve Purchases $38 Million in TRX to Safeguard the Stablecoin USDD
Tron DAO Reserve Purchases $38 Million in TRX to Safeguard the Stablecoin USDD On May 5, Tron’s algorithmic stablecoin USDD went live and so far, the fiat-pegged token has b
2022-05-08 13:00 PM
What 15% BTC price crash? Bitcoin bulls charge higher as $67K returns
William Suberg22 minutes agoWhat 15% BTC price crash? Bitcoin bulls charge higher as $67K returnsBitcoin cancels its snap correction below $60,000 as the latest data shows traders willing to take a fresh bet on BTC price
2024-03-06 17:38 PM
Bitcoin Price Can Recover To $107,000 Again If This Important Level Is Broken
Este artículo también está disponible en español. Over the last few weeks, the Bitcoin price has been on a downward trend, experiencing significant declines that have pus
2024-12-25 05:30 AM