On Thursday, 23rd June 2022, a hacker successfully conducted a malicious attack to steal $100 million from Harmony’s Horizon bridge, through 11 transactions that extracted tokens stored in the bridge. Incidentally, Harmony’s bridge for bitcoin remained unaffected during the attack.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.— Harmony 💙 (@harmonyprotocol) June 23, 2022
A blockchain bridge, like Harmony’s Horizon, enables users to move assets including tokens, stablecoins, and NFTs, between different blockchains.
Immediately following the attack, Harmony stopped the Horizon bridge to prevent further transactions. It then contacted FBI and multiple cybersecurity and exchange partners, to investigate, track and assist in retrieval of stolen assets. Only after these contacts established, Harmony announced the hack via Twitter and via its blog post.
The hacker seems to have been identified as the investigating team has attempted communication with an embedded message in a transaction to their address and is awaiting response.
In a blog post, the company said:
“This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work remains ahead of us. ... We are working around the clock to ensure both the investigation and recovery of stolen funds are concluded in the most time efficient manner possible."
This breach marks the third major bridge hack this year alone. Even if we exclude the Horizon hack, money stolen from bridges exceeds $1 billion, according to some analysts.