Harmony, a blockchain protocol for Web3 apps and games like DeFi Kingdoms, has offered a $1 million bounty for the return of $100 million stolen during the latest bridge attack. However, some people think the reward is too low for hackers to consider taking it.
What happened?
- Last week, the Horizon Protocol team revealed that its Horizon bridge was compromised on June 23. As a result, 11 transactions extracted tokens stored there valued at around $100 million.
- Horizon is a bridge that allows users to transfer assets to and from Harmony to other blockchains, including Ethereum and Binance Smart Chain.
- The company notified its security partners and the FBI to assist with an investigation. Harmony later managed to identify the culprit’s address.
- “Further, the team has attempted communication with the hacker with an embedded message in a transaction to the culprit’s address,” Harmony said.
2/ 0x address of the culprit below: https://t.co/VXO7s6FpIy
— Harmony 💙 (@harmonyprotocol) June 23, 2022
- According to blockchain analysis company Elliptic, the hackers stole a variety of crypto assets, including Ethereum, Tether, USD Coin, Dai, and Binance Coin (via TechCrunch).
- Harmony stopped the Horizon bridge following the attack, suspending further transactions.
- “Harmony believes that focusing on decentralized bridges is an essential step forward for Web3,” the company’s blog post reads. “This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work remains ahead of us.”
- This is another major attack on blockchain bridges, following the infamous hack of Axie Infinity’s Ronin Network, in which around $625 million was stolen.
Bounty announcement and community reaction
- Over the weekend, Harmony announced that it would commit to a $1 million bounty for the return of the funds and for sharing exploit information.
- The company noted that it will advocate for no legal charges if the culprit returns the assets and provides the required data.
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.
Contact us at whitehat@harmony.one or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
— Harmony 💙 (@harmonyprotocol) June 26, 2022
- According to REKT Database, the Horizon exploit is the 14th largest in cryptocurrency history. However, the 1% bounty is one of the smallest offered so far (via Yahoo Finance).
- This announcement caused a mixed reaction within the crypto community. “Isn’t it funny to actually reward the hackers with $1M dollars for returning the fund when they can get away with $100M?” one user wrote. “Even if they accept the offer, the same hackers will and again [compromise another] system? Problem isn’t solved.”
- Harmony, meanwhile, found evidence that private keys were compromised, which led to the breach of the Horizon bridge.
- “Private keys were stored encrypted by Harmony,” the company’s founder Stephen Tse said in a statement. “These keys were doubly encrypted using a passphrase and a key management service. No single machine had access to multiple plaintext keys. The system was designed to avoid persistent storage of plaintext secrets at rest.”
7/ We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident. We will continue taking steps to further harden our operations and infrastructure security.
— stephen tse 💙 s.one 🌉 stse.eth (@stse) June 26, 2022
Harmony is a blockchain for decentralized apps, which divides not only the network nodes but also the blockchain states into shards. It is best known as the home for DeFi Kingdoms, one of the biggest NFT games globally.
The protocol’s native token, ONE, is still in decline. It is down 9.94% in the last 24 hours, with a live market cap of $271 million (via CoinMarketCap).