Harmony Ropes in FBI After Losing $100M in Exploit; ONE Token Slumps

Developers said they are working with national authorities and forensic specialists to identify the culprit.

AccessTimeIconJun 24, 2022 at 7:12 a.m. UTC
Updated Jun 24, 2022 at 4:29 p.m. UTC

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

A popular product on the Harmony network was exploited for over $100 million in cryptocurrencies in what is one of the biggest crypto hacks in recent weeks.

  • "The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM," the network's developers said in a tweet. "We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds."
  • The Federal Bureau of Investigation (FBI), the domestic intelligence and legal enforcement agency of the U.S., and cybersecurity firms have joined the search for the attacker, Harmony said in a subsequent tweet.
  • Harmony's native ONE token slumped on news of the exploit, taking its decline in the past 24 hours to more than 12%. This was despite the broader market seeing a recovery, with bitcoin nearing the $21,000 mark.
  • The attack adds to this year's litany of exploits targeting bridges, which allow users to move tokens between blockchains, taking the total lost to more than $1 billion in 2022 alone. Among the biggest, in February, Wormhole bridge suffered a $326 million hack, and in April Ronin was exploited for $625 million.
  • The Horizon bridge allowed users to exchange assets, such as tokens, stablecoins and non-fungible tokens (NFTs), between the Ethereum, Binance Smart Chain (BSC) and Harmony blockchains.
  • Harmony said in a separate tweet that the exploit did not impact its bitcoin bridge and that funds and assets stored on decentralized vaults were "safe at this time."
  • The mechanism of how the bridge worked allowed attackers to exploit the network. It worked as follows, as per developer documents: A set of smart contracts were deployed on Ethereum, BSC and Harmony blockchains. A pool of validators verifies when users lock liquidity on any of those networks.
  • When a token lock action is detected on the Ethereum blockchain, the pool of validators validates it and relays the finalized information to the Harmony blockchain, where a matching amount of a bridged token is minted. On the opposite side, when a bridged token burn is detected on the Harmony blockchain, the pool of validators validates it and relays the finalized information to the Ethereum blockchain, where the same amount of the original token is unlocked.
  • The attacker did not move any funds to exchanges or privacy swap services, such as Tornado Cash, at the time of writing, blockchain data shows.
  • Meanwhile, Harmony developers said they had notified exchanges and stopped the Horizon bridge to prevent further transactions. "The team is all hands on deck as investigations continue," they added. Harmony did not return requests for comment at writing time.

UPDATE (June 24, 10:09 UTC): Adds FBI involvement, ONE token performance in headline, text; adds bullet on previous bridge hacks this year.


Read more about

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

CoinDesk - Unknown

Shaurya is an analyst/editor for CoinDesk's markets team in Asia.

Trending

1
CoinDesk - Unknown
Former JPMorgan Banker Samir Shah Becomes COO at Pantera Capital

Shah joins Pantera after 12 years at JPMorgan spanning roles in sales, strategy and digital.

CoinDesk - Unknown
2
CoinDesk - Unknown
First Mover Asia: Bitcoin Rebounds Past $20K; China’s Blockchain Revolution Is Missing On-Chain Data

Ether and most other major altcoins regain ground they'd lost in last week's downturn; China companies seem unconvinced by blockchain technology.

CoinDesk - Unknown
3
CoinDesk - Unknown
NFT Platforms Should Be Caught by EU Money-Laundering Overhaul, Lawmakers Say

Unhosted wallets and decentralized finance were left largely unscathed by two landmark crypto laws agreed to last week, but left-wing lawmakers may seek another go as they discuss dirty-money rules.

CoinDesk - Unknown
4
CoinDesk - Unknown
Bitcoin se recupera y supera los $19K; Nomura advierte de una recesión en EE. UU. y Reino Unido

Nomura escribió acerca de una recesión en la eurozona, el Reino Unido y Asia Pacífico, lo que podría influir en los precios de las criptomonedas.

CoinDesk - Unknown