Harmony Ropes in FBI After Losing $100M in Exploit; ONE Token Slumps

A popular product on the Harmony network was exploited for over $100 million in cryptocurrencies in what is one of the biggest crypto hacks in recent weeks.

"The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM," the network's developers said in a tweet. "We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds."
The Federal Bureau of Investigation (FBI), the domestic intelligence and legal enforcement agency of the U.S., and cybersecurity firms have joined the search for the attacker, Harmony said in a subsequent tweet.

Harmony's native ONE token slumped on news of the exploit, taking its decline in the past 24 hours to more than 12%. This was despite the broader market seeing a recovery, with bitcoin nearing the $21,000 mark.
The attack adds to this year's litany of exploits targeting bridges, which allow users to move tokens between blockchains, taking the total lost to more than $1 billion in 2022 alone. Among the biggest, in February, Wormhole bridge suffered a $326 million hack, and in April Ronin was exploited for $625 million.
The Horizon bridge allowed users to exchange assets, such as tokens, stablecoins and non-fungible tokens (NFTs), between the Ethereum, Binance Smart Chain (BSC) and Harmony blockchains.
Harmony said in a separate tweet that the exploit did not impact its bitcoin bridge and that funds and assets stored on decentralized vaults were "safe at this time."
The mechanism of how the bridge worked allowed attackers to exploit the network. It worked as follows, as per developer documents: A set of smart contracts were deployed on Ethereum, BSC and Harmony blockchains. A pool of validators verifies when users lock liquidity on any of those networks.
When a token lock action is detected on the Ethereum blockchain, the pool of validators validates it and relays the finalized information to the Harmony blockchain, where a matching amount of a bridged token is minted. On the opposite side, when a bridged token burn is detected on the Harmony blockchain, the pool of validators validates it and relays the finalized information to the Ethereum blockchain, where the same amount of the original token is unlocked.
The attacker did not move any funds to exchanges or privacy swap services, such as Tornado Cash, at the time of writing, blockchain data shows.
Meanwhile, Harmony developers said they had notified exchanges and stopped the Horizon bridge to prevent further transactions. "The team is all hands on deck as investigations continue," they added. Harmony did not return requests for comment at writing time.

UPDATE (June 24, 10:09 UTC): Adds FBI involvement, ONE token performance in headline, text; adds bullet on previous bridge hacks this year.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Follow @shauryamalwa on Twitter

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.