These bridges play big roles in the world of decentralized finance (DeFi), as the spread-out nature of the industry makes it nearly impossible for people to connect different blockchains directly. Thus, they require the use of bridges like Harmony's. In this case, Horizon allows users to send tokens from the Ethereum cryptocurrency blockchain to the Binance Smart Chain, which is marketed as a high-performance and low-cost platform for holding and trading DeFi products.
Harmony said in a blog post published on Friday, June 24, that it was notified of a "malicious attack" on Horizon on Wednesday, June 22.
"We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds," wrote the company on its social media accounts. Harmony has reportedly approached the Federal Bureau of Investigation and multiple private cybersecurity firms to investigate the incident.
"We have also notified exchange and stopped the Horizon bridge to prevent further [illicit] transactions," said Harmony. "The team is all hands on deck as investigations continue."
"Further, the team has attempted communication with the hacker with an embedded message in a transaction to the culprit's address," said the company.
According to blockchain analysis company Elliptic, a variety of cryptocurrency assets were taken, including Ethereum, Binance Coin and stablecoins Tether, USD Coin and Dai.
The ONE token, Harmony's native cryptocurrency that it forces users to purchase to pay transaction fees, earn rewards and vote on changes to the platform, dropped in value by over 12 percent in the days following the hack.
Harmony later shared the account identification of what it says is the culprit for the heist. The balance of the account on Friday morning was 85,867.27. The company added that the hack has not affected the Horizon bridge in any way, and activity on the bridge is continuing as normal.
"This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work remains ahead of us," wrote the company. "Ongoing investigations present a challenge of what information is allowed to be shared with the public, but we will continue to provide updates with the latest information as soon as we are able to share."
The technology that makes the bridges work also makes them particularly vulnerable to hacks. Their technology is very complex and they are often run by anonymous teams whose methods for safeguarding the funds on their platforms are often unclear.
Furthermore, blockchain bridges "maintain large stores of liquidity," according to Elliptic lead researcher Jess Symington. This makes them "tempting targets for hackers."
"In order for individuals to use bridges to move their funds, assets are locked on one blockchain and unlocked, or minted, in another," said Symington. "As a result, these services hold large volumes of crypto assets."
Harmony has not provided any details on how the hacker stole the funds. But one investor, who goes by the online handle Ape Dev, noted that he raised concerns about security on the Horizon bridge as early as April.
Horizon's security hinges on "multi-signature" (multisig) wallets that require only two blockchain signatures to initiate transactions. Researchers noted that hackers can easily compromise blockchain wallets and obtain the passwords necessary to gain access.
Ape Dev warned that if multisig wallets are not strengthened, such as by requiring more signatures to access wallets and initiate transactions, the Horizon bridge could see "another nine-figure hack."
The theft of $100 million worth of cryptocurrency from Harmony is just the latest in a series of major and notable heists in the world of cryptocurrency that have targeted blockchain bridges.
The Ronin Network, a bridge that supports the cryptocurrency-based game Axie Infinity, lost more than $620 million in a security breach in March. Wormhole, another popular blockchain bridge, lost over $325 million in another hack in May. (Related: CRYPTO CON: LUNA founder siphoned off $80 million PER MONTH from the crypto Ponzi scheme before it collapsed, leaving investors wiped out.)
DeFi systems have lost over $10.5 billion in 2021 due to crime, according to Elliptic. This estimate includes stolen funds and price drops in cryptocurrencies offered by systems that were targeted by hacks.
For the latest news about cryptocurrencies and decentralized finance, visit CryptoCult.news.
Watch this episode of the "Health Ranger Report" as Mike Adams, the Health Ranger, talks about the collapse in the cryptocurrency market.