100 Million stolen in Crypto from Harmony
Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening.
Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony.
Today @HarmonyProtocol disclosed a breach which resulted in the theft of 85,837.252 Ethereum (approx. $99,334,302.58 USD as of this writing)Wallet: 0x0d043128146654C7683Fbf30ac98D7B2285DeD00 pic.twitter.com/cx67pGGaXo— vx-underground (@vxunderground) June 24, 2022
Here comes an initial flow chart @harmonyprotocol pic.twitter.com/5qQ3PAGkYQ— PeckShield Inc. (@peckshield) June 24, 2022The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.
Harmony’s Horizon Bridge allows users to transfer their crypto assets from one blockchain to another, the company immediately halted the bridge to prevent further transactions and notified other exchanges.
1 Million bounty
The company also offers a $1 million bounty in exchange for the return of the funds.
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information. Contact us at firstname.lastname@example.org or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac. Harmony will advocate for no criminal charges when funds are returned.— Harmony (@harmonyprotocol) June 26, 2022The incident response team announced that it has found no evidence of any breaches of the company smart contract codes or vulnerabilities on the Horizon platform. Harmony pointed out that the consensus layer of the Harmony blockchain remains secure.
Private keys compromised
“Our incident response team has discovered evidence that private keys were compromised, leading to the breach of the Horizon bridge. Funds were stolen on the Ethereum side of the bridge. The private keys were encrypted and stored by Harmony, with the keys doubly encrypted via passphrase and a key management service, and no single machine had access to multiple plaintext keys.” states the update published by the company. “The attacker was able to access and decrypt a number of these keys, including those used to sign the unauthorized transactions and take assets in the form of BUSB, USDC, ETH and WBTC. All assets were then swapped to ETH and currently remain on the hacker’s account on the Ethereum network. No steps have currently been taken by the hacker to anonymize ownership of these assets.”
The blockchain security firm CertiK published a detailed analysis of the incident, it confirmed that the threat actors were able to access the owners of Horizon’s multiSig wallets, then drained the funds from Harmony.
“On June 23, 2022 at 11:06:46 AM +UTC, the bridge between Harmony chain and Ethereum experienced multiple exploits. Our expert analysis has identified twelve attack transactions and three attack addresses.” reads the analysis published by CertiK. “Across these transactions the attacker netted various tokens on the bridge including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH, and FRAX. The transactions vary in value but range from $49,178 to upwards of $41,200,000. The attacker accomplished this by somehow controlling the owner of the MultiSigWallet to call the confirmTransaction() directly to transfer large amounts of tokens from the bridge on Harmony, which led to a total loss around $97M worth of asset on the Harmony chain which the attacker has consolidated into one main address.”
Unfortunately, attacks against blockchain bridges are becoming frequent, the list of hacked platforms includes the Ronin Bridge (March), and Wormhole.
The post Threat actors stole $100M in crypto assets from Harmony appeared first on Security Affairs.