The Harmony blockchain bridge is attacked and $100M is stolen. This is the third biggest bridge hack of 2022 and it calls into question the security of bridges, these applications that allow the transfer of crypto-assets from one network to another.
What happened?
On Friday, June 24, 2022 a flaw on Horizon Bridge was exploited by a malicious hacker who stole nearly $100,000,000. A few hours later the team declared on Twitter that they were in contact with the relevant authorities and that they were continuing their investigations. The bridge is currently stopped to avoid any further risk.
A bridge is an application that allows cryptocurrencies to be transferred from one blockchain to another. In the case of Horizon Bridge it was possible to transfer funds between the Harmony blockchain and Ethereum, the Binance Chain or Bitcoin. According to the Harmony team, the bridge with Bitcoin would not be impacted.
During this malicious operation, more than 10 cryptocurrencies were stolen, including WETH, BUSD, USDT, WBTC and USDC. The attacker then exchanged these cryptos for ETH on the DEX Uniswap.
The application had been audited by the company PeckShield, which specializes in discovering and correcting flaws, but this does not ensure that there is no risk.
Some people had already warned about the risk of hacking this particular bridge. In April 2022, an Internet user reported that only 2 out of 4 authorizations from the contract owners were required to authorize transactions. So it could be that two of the four addresses have been compromised or it could be a malicious act from part of the team.
These applications are prime targets for hackers because they are complicated to secure. Vitalik Buterin himself declared that he did not think that the future would be “cross chain” because of these security problems. You can find his complete argument on Reddit.
What impact on Harmony?
This is the third biggest bridge hack so far this year after Wormhole and Ronin.
The price of ONE, a cryptocurrency in the Harmony ecosystem, has depreciated by nearly 10% in the last 24 hours.
What impact on other protocols?
It seems that the hack has caused problems within the Harmony ecosystem, especially in applications related to Decentralized Finance (DeFi). Indeed, stablecoins like USDC, BUSD or USDT lost their peg, i.e. their parity with the dollar. This has led to malfunctions on some protocols.
We also see that the total locked value (TVL) in the decentralized finance of the Harmony blockchain has depreciated by almost 20% over the last 24 hours according to DefiLlama.