Harmony Bridge Hacked, $100 Million Worth of Ethereum Lost

CryptoPotatoPublicado em 2022-06-24Última atualização em 2022-06-24

Resumo

A variety of tokens were stolen using this exploit, ranging from wBTC and wETH to AAVE, FRAX, and several stablecoins among other tokens.

On the 24th of June, the Horizon bridge connecting Harmony – a Layer-1 PoS blockchain built for native token ONE – to the Ethereum and Binance Chain ecosystem was hacked, leading to a loss of approximately $100 million in ETH. The exploit was announced on Twitter by the Harmony team, who stated that they are hunting for the culprit.

The bridge has since been shut down to prevent further losses. Harmony devs have also clarified that the BTC bridge is unaffected.
The attack appears to have taken place over the span of 17 hours, starting with a transaction worth a whopping 4,919 ETH, followed by several smaller transactions ranging from 911 to 0.0003 ETH. The last one took place after the bridge had been shut down.
The hack is the latest in a series of exploits affecting the crypto space, such as the Axie Infinity drain, Solana Wormhole, or, more recently, the (misplaced) Optimism fiasco. Another recent vulnerability, the Demonic exploit, which affected multiple crypto wallets, was patched before any damage could be done.
Exchanges have reportedly been notified, as well as “national authorities and forensic specialists.” Unfortunately for Harmony, the former may not be of much help in the event the identity of the hacker is discovered, depending on the jurisdiction that the hacker may be located in.
“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”
Prior Warning Issued By Independent Researchers
Curiously, a warning was issued by an independent researcher and blockchain dev Ape Dev back on the 2nd of April. In a series of tweets, Ape Dev called attention to the fact that the security of the Harmony Bridge was built around a multi-sig wallet with only four owners. He predicted that this could be used to execute a very simple attack by getting 2 of the owners to sign off on transfers worth up to $330million.

Whether the Harmony attacker got the idea from Ape Dev’s indication or reached the same conclusion independently is unclear. In either case, however, the warning came nearly three months before the unfortunate event, which should have given Harmony devs enough time to secure their systems.
With cyberattacks becoming more and more prevalent in the crypto space, the security standards of various blockchain-based platforms will likely be scrutinized by third parties with increasing regularity – and rightfully so.

Leituras Relacionadas

The Storage Magnate Who Conquered a Trillion-Dollar Kingdom, Yet Ultimately Could Not Become the Richest

**Summary:** "The Memory Magnate Who Built a Trillion-Dollar Empire, Yet Never Became the Richest" explores the journey of Zhu Yiming, founder of GigaDevice (603986) and co-founder of the soon-to-IPO ChangXin Memory Technologies (CXMT). The article positions GigaDevice, a fabless chip designer now valued at ~¥340 billion, as a prequel to the massive IDM (Integrated Device Manufacturer) venture, CXMT. Starting in 2005 with minimal capital, Zhu strategically "picked up the pieces" by focusing on niche markets like NOR Flash and microcontrollers (MCUs), areas major players were exiting. This allowed GigaDevice to grow into a diversified semiconductor company, maintaining robust profitability even during industry downturns by controlling costs. However, the piece argues that in the highly cyclical and capital-intensive memory chip industry, the fabless model has limits. True resilience and scale require the ability for "counter-cyclical expansion" – investing heavily during downturns – a tactic only possible for IDMs like Samsung or SK Hynix. This insight led Zhu to partner with the Hefei city government in 2016 to establish CXMT, an IDM focused on DRAM. Zhu's symbolic moves, like forfeiting salary and diluting his equity, were crucial in securing the massive state and bank funding needed. CXMT's equipment base is now valued even higher than that of BYD's vast auto manufacturing empire. Despite the potential for CXMT to reach a market cap of ¥1-2 trillion upon its IPO, Zhu's indirect stake in both companies is estimated below 3%, placing his personal wealth far below that of China's top billionaires. The article concludes that his strategic vision built a trillion-yuan memory landscape, but the capital structure necessary to achieve it precluded a personal fortune of similar scale.

marsbitHá 4m

The Storage Magnate Who Conquered a Trillion-Dollar Kingdom, Yet Ultimately Could Not Become the Richest

marsbitHá 4m

Token Of Power Governance Exploit Drains $1.58 Million In WETH, TRM Says

Blockchain intelligence firm TRM Labs reports a governance exploit against the Token of Power protocol, resulting in a loss of approximately $1.58 million in WETH. The attacker exploited a missing timelock in the protocol's Aragon DAO setup, allowing them to propose, vote on, and execute a malicious action within a single block. The attacker funded the operation with 662 ETH from Tornado Cash, purchased enough TOP tokens to gain majority voting power, minted 10 billion new TOP tokens, and swapped them for WETH via a Balancer pool before moving funds back through Tornado Cash. The incident underscores that governance design is a critical security risk in DeFi, where parameters like timelocks provide essential reaction time. It also highlights how mixers and liquidity pools can be utilized in exploits without being directly compromised. Observers are now watching for any movement of the stolen funds and further remediation details from involved parties. This event is part of a broader shift in crypto, emphasizing the importance of underlying infrastructure, security, and governance alongside market movements.

bitcoinistHá 2h

Token Of Power Governance Exploit Drains $1.58 Million In WETH, TRM Says

bitcoinistHá 2h

XRP Ledger Daily Fees Drop Below $400 As Network Activity Question Returns

The XRP Ledger is drawing attention as daily network fees have fallen below $400. While low fees align with XRPL's design for affordable transactions and are often seen as a strength, the metric can also serve as an indicator of network demand and paid transaction volume. This data point of around $3,100 in weekly fee burn highlights the stark contrast with higher-fee chains like Ethereum and Bitcoin. The development fuels an ongoing debate. Proponents view low fees as a sign of efficiency and accessibility, while critics may question if the network is generating sufficient high-value activity relative to its market cap and payments-focused narrative. The article cautions against overstating the finding, noting a single low-fee day does not signify network failure. It instead adds context to discussions about XRPL's usage, especially alongside Ripple's broader initiatives in stablecoins (RLUSD), AI payments, and enterprise infrastructure. The report recommends monitoring for a fee rebound, checking transaction counts for a fuller picture, and confirming the trend via native explorers like Bithomp. It frames the story within a larger market shift where on-chain data, protocol updates, and infrastructure developments are becoming crucial alongside price action. The editorial stance is to present the verified data, explain its significance for assessing network activity, and avoid hype, positioning it as part of the daily crypto conversation.

bitcoinistHá 4h

XRP Ledger Daily Fees Drop Below $400 As Network Activity Question Returns

bitcoinistHá 4h

Ripple Launches XRPL AI Starter Kit For XRP And RLUSD Agent Payments

Ripple has released the XRPL AI Starter Kit, a Phase 1 developer toolkit aimed at enabling AI agents to make payments using XRP and its stablecoin RLUSD on the XRP Ledger. The kit supports the x402 payment standard and includes a server to connect AI systems like Claude directly to XRPL documentation. This move provides XRP with a new utility narrative focused on autonomous, machine-to-machine transactions, where agents could pay for APIs and services without manual approval for each micro-payment. For the XRP community, it represents a push into tangible payment infrastructure beyond speculation. The announcement is a concrete product update within a broader crypto shift towards valuing infrastructure and utility alongside price. The next steps involve monitoring developer adoption, documentation updates, and testnet activity. The story is based on Ripple's official blog.

bitcoinistHá 7h

Ripple Launches XRPL AI Starter Kit For XRP And RLUSD Agent Payments

bitcoinistHá 7h

Zcash Founder Says Anthropic AI Audit Found No Serious Protocol Bugs

Zcash founder Zooko Wilcox announced that an AI security audit of the Zcash protocol, conducted by Anthropic's Mythos model at the request of Shielded Labs, found no new serious bugs. This result provides a positive security headline for the privacy-focused cryptocurrency amidst ongoing regulatory and technical scrutiny. The audit highlights the growing use of AI-assisted tools in crypto security, though it is not a replacement for human review. The absence of major flaws supports confidence in the protocol's robustness, but developers emphasize that security hardening work continues. The story underscores a broader industry shift where infrastructure and security updates are becoming central to crypto market narratives.

bitcoinistHá 10h

Zcash Founder Says Anthropic AI Audit Found No Serious Protocol Bugs

bitcoinistHá 10h

Trading

Spot

Futuros