US-based company Harmony, the crypto startup behind Horizon Blockchain Bridge, announced Friday that $100 million worth of digital tokens had been stolen from one of its flagship products.
For inexperienced users, Horizon Blockchain Bridge allows users to transfer their crypto assets, including tokens, stablecoins and NFTs, between Ethereum, Binance Smart Chain and the Harmony blockchain.
The company said it became aware on June 23, 2022, of a malicious attack successfully carried out on its own Horizon Ethereum Bridge, which compromised the bridge with 11 transactions that retrieved tokens stored in the bridge. The estimated value of the stolen crypto at the time of the attack was about $100 million.
Harmony added that it had halted the Horizon Bridge to prevent further transactions. Incidentally, Harmony’s bridge for Bitcoin was not affected by the attack; the funds and assets stored in decentralized vaults are safe at this point.
Following the attack, the company immediately notified multiple cybersecurity partners, exchange partners and the FBI (Federal Bureau of Investigation) and asked to assist in an investigation into identifying the culprit and methods to recover stolen assets. It was only after these contacts had been made that Harmony announced the hack via Twitter and his blog post.
1/ The Harmony team identified a theft this morning on the Horizon Bridge for an amount of approximately $100MM. We have started working with national authorities and forensic specialists to identify the perpetrator and recover the stolen money.
— Harmony? (@harmony protocol) June 23, 2022
The Harmony team has even attempted to communicate with the hacker at his address: 0x0d043128146654c7683fbf30ac98d7b2285ded00 with an embedded message in a transaction at approximately 5:30 PM PST and is waiting for a response.
“Harmony believes that focusing on decentralized bridges is an essential step forward for Web3. This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work still lies ahead of us,” the company said in a statement.
Ongoing investigations are challenging what information may be shared with the public, but we will continue to provide updates with the latest information as soon as we can share it.
“We are working around the clock to ensure that both the investigation and recovery of stolen funds are completed in the most time-efficient manner.”
On Friday, the Harmony team said they have handed over their findings to its US colleagues who have resumed the investigation along with its cybersecurity partners. The research team is made up of engineers around the world, including the US, Greece, India and Cambodia.
This breach is the third major bridge hack this year after Wormhole Bridge received a $325 million hack in February and Ronin Network lost more than $600 million in March as a result of a blockchain bridge attack. More than $1 billion has been stolen from cryptocurrency bridges in the year 2022 alone.