Hackers looted about $100 million from a so-called cryptocurrency bridge, again exposing a key vulnerability in the digital-asset ecosystem.
Blockchain Harmony said in a tweet that the hack of its Horizon bridge, which lets people swap coins between different blockchains, took place Thursday morning. It has “begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
Most of the crypto world is divided into silos: The Bitcoin and Ethereum networks, for example, can only operate using Bitcoin and Ethereum tokens. As more cryptocurrencies gain adoption and traders demand the ability to interact seamlessly with one another, projects like Harmony are developing platforms known as bridges that can accept a variety of tokens and move them fluidly between blockchains.
But bridges are particularly vulnerable to hacks, as their technology is complex and they are often run by anonymous teams. The way they safeguard funds is often unclear. Sophisticated hackers have repeatedly targeted them.
Harmony’s native ONE token, used to pay transaction fees, earn rewards or vote on changes to the platform, dropped 12% over the past 24 hours, according to CoinGecko. The underlying Harmony blockchain has more than $1 billion in total value locked to the project, according to its website.
It wasn’t immediately clear whether any user funds had been stolen.
‘Private Key Compromise’
The attack on Horizon, which offers cross-chain transfers between Ethereum and Binance’s Smart Chain, marks the third major bridge hack this year. In February, hackers stole more than $300 million from the Wormhole bridge, followed by a $620 million theft from the Ronin bridge a month later.
Even before the Horizon hack, more than $1 billion had been stolen from bridges, researcher Chainalysis has estimated.
In Horizon’s case, “the theft seems to have happened due to a private key compromise,” said Xuxian Jiang, chief executive officer of security firm PeckShield, which has been contacted by Harmony for support. Harmony did not immediately respond to requests for comment.