Threat actors stole $100M in crypto assets from Harmony

Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening.

Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony.

The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms. 

Harmony’s Horizon Bridge allows users to transfer their crypto assets from one blockchain to another, the company immediately halted the bridge to prevent further transactions and notified other exchanges.

The company also offers a $1 million bounty in exchange for the return of the funds.

The incident response team announced that it has found no evidence of any breaches of the company smart contract codes or vulnerabilities on the Horizon platform. Harmony pointed out that the consensus layer of the Harmony blockchain remains secure.

“Our incident response team has discovered evidence that private keys were compromised, leading to the breach of the Horizon bridge. Funds were stolen on the Ethereum side of the bridge. The private keys were encrypted and stored by Harmony, with the keys doubly encrypted via passphrase and a key management service, and no single machine had access to multiple plaintext keys.” states the update published by the company. “The attacker was able to access and decrypt a number of these keys, including those used to sign the unauthorized transactions and take assets in the form of BUSB, USDC, ETH and WBTC. All assets were then swapped to ETH and currently remain on the hacker’s account on the Ethereum network. No steps have currently been taken by the hacker to anonymize ownership of these assets.”

The blockchain security firm CertiK published a detailed analysis of the incident, it confirmed that the threat actors were able to access the owners of Horizon’s multiSig wallets, then drained the funds from Harmony.

“On June 23, 2022 at 11:06:46 AM +UTC, the bridge between Harmony chain and Ethereum experienced multiple exploits. Our expert analysis has identified twelve attack transactions and three attack addresses.” reads the analysis published by CertiK. “Across these transactions the attacker netted various tokens on the bridge including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH, and FRAX. The transactions vary in value but range from $49,178 to upwards of $41,200,000. The attacker accomplished this by somehow controlling the owner of the MultiSigWallet to call the confirmTransaction() directly to transfer large amounts of tokens from the bridge on Harmony, which led to a total loss around $97M worth of asset on the Harmony chain which the attacker has consolidated into one main address.”

Unfortunately, attacks against blockchain bridges are becoming frequent, the list of hacked platforms includes the Ronin Bridge (March), and Wormhole.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Harmony)

[adrotate banner=”5″]

[adrotate banner=”13″]