CryptoCurrency News - June 28, 2022

Late last week, Harmony Protocol’s bridge to the BSC and Ethereum networks was exploited, leading to a loss of $100 million worth of ETH.

Following a curiously underwhelming statement that at least the bitcoin bridge was unaffected, the Harmony team announced that they are working with “national authorities and forensic specialists” in order to recover the stolen funds from the as yet unidentified exploiters.

Multi-Sig Security Improved

Owing that the exploit was carried out by abusing the weak security of Harmony’s multi-sig wallet, the project’s devs have since changed the previous multi-sig setup – requiring 2 out of 4 signatures to process a transaction – to a 4 out of 5 signature setup.

“We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multi-sig since the incident. We will continue taking steps to further harden our operations and infrastructure security. To reiterate, we are in the middle of an ongoing investigation. We will continue to keep everyone up-to-date and appreciate your patience and support.”

Although the vulnerability initially reported by independent researchers in April was only fixed after disaster struck, it’s better late than never. The team also attempted to turn back the clock on past failures, offering to bury the hatchet if 99% of the funds were returned – a proposition mostly met with gallows humor and general derision by the Harmony community.


Olive Branch Completely Ignored

Unlike the happy ending to the Optimism debacle earlier this month, the Harmony exploiter did not deign to reply to the offer of a $1 million bounty and dropped charges in exchange for the return of the remaining ETH stolen.

Instead, the exploiter proceeded to launder the swiped ETH via TornadoCash, a service often used by cybercriminals in order to obfuscate the origin of ill-begotten crypto tokens.

The stolen assets are being laundered across multiple transactions at a rate of 100 ETH roughly every 6 minutes. At the time of writing, over $50 million worth of ETH has already been routed through TornadoCash, signifying a refusal of Harmony’s terms.

With the heartfelt – if underwhelming – attempt at resolving the issue amicably falling through, Harmony will have to rely on the forensic specialists and authorities they evoked at the time of the attack.

However, there is no guarantee that they will be able to resolve the situation either. If all else fails, this series of events should at least be an eye-opener for those in the community who may not be taking the security of their projects seriously enough.


Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.

You Might Also Like:

  • Harmony
    Harmony Bridge Hacked, $100 Million Worth of Ethereum Lost
  • Ronin_Hack
    The Biggest Ever Crypto Hack: What Happened in the Ronin Bridge Attack
  • vitalik buterin
    Vitalik’s Wallet Receives 1 Million OP Tokens From Optimism Exploiter


Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Not The 2018 Bear Market, Bitcoin Price Could Hit $20,000 In December

The Bitcoin price rebounded off the low of its current range and retraced its weekend loss…