{"id":2251,"date":"2022-06-27T05:29:46","date_gmt":"2022-06-27T04:29:46","guid":{"rendered":"https:\/\/tradersofcrypto.com\/news\/?p=2251"},"modified":"2022-06-27T05:29:46","modified_gmt":"2022-06-27T04:29:46","slug":"harmony-protocol-heist-horizon-bridge-loses-100m","status":"publish","type":"post","link":"https:\/\/tradersofcrypto.com\/news\/harmony-protocol-heist-horizon-bridge-loses-100m\/","title":{"rendered":"Harmony Protocol Heist: Horizon Bridge Loses $100M"},"content":{"rendered":"\n<p><a href=\"https:\/\/tradersofcrypto.com\/coins\/harmony\/\">Harmony Protocol<\/a>, one of the relatively large DeFi centers, saw an exploit of its Horizon bridge, taking away $100M in assets. This is one of the more significant exploits of smart contracts, with a relatively high value. The absolute peak in bridge attacks took more than $621M in value from the Ronin-Ethereum bridge in March 2022.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">1\/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.<br><br>More \ud83e\uddf5<\/p>&mdash; Harmony \ud83d\udc99 (@harmonyprotocol) <a href=\"https:\/\/twitter.com\/harmonyprotocol\/status\/1540110924400324608?ref_src=twsrc%5Etfw\">June 23, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>The affected bridge moved ETH and other tokens between their Ethereum version and the Harmony protocol wrapped version. Harmony operates an entirely separate L1 ecosystem built for scaling, with between 20K to 40K active wallets per day. On 24.06, the network worked through 1.5M transactions in 24 hours, though the bridge exploit itself only took 11 transactions.<\/p>\n\n\n\n<p>So far, the investigation has discovered the hacker managed to get hold of private keys.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">3\/ The team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge. Funds were stolen from the Ethereum side of the bridge.<\/p>&mdash; stephen tse \ud83d\udc99 s.one \ud83c\udf09 stse.eth (@stse) <a href=\"https:\/\/twitter.com\/stse\/status\/1540896632278900737?ref_src=twsrc%5Etfw\">June 26, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>Bridges are smart contracts that are supplied with funds held on a known address. But calls can be made to the contract to release the funds. Exploiters use weaknesses in calls to drain the collateral. A bridge connects two networks, and an exploit leaves the tokens on the second network without real collateral.&nbsp;<\/p>\n\n\n\n<p>This time, the bridge exploit affected multiple assets and took away 13,100 ETH. The tokens were moved immediately and some were traded through decentralized exchanges. Harmony has contacted other market operators to track and freeze funds from known exploit addresses.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">The <a href=\"https:\/\/twitter.com\/harmonyprotocol?ref_src=twsrc%5Etfw\">@harmonyprotocol<\/a> bridge exploiter 0x0d04&#8230;ed00 stole 11 different erc-20 tokens and 13,100 Ether from the bridge. <br><br>They then transferred other erc-20 tokens to two other wallets to swap via uniswap and others dexs back to eth, and finally it back to 0x0d04&#8230;ed00. <a href=\"https:\/\/t.co\/HY5JepVrPu\">pic.twitter.com\/HY5JepVrPu<\/a><\/p>&mdash; MistTrack (@MistTrack_io) <a href=\"https:\/\/twitter.com\/MistTrack_io\/status\/1540126935350554624?ref_src=twsrc%5Etfw\">June 24, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>The hacker also showed no signs of intending to return the funds, as in the case of earlier exploits against ThorChain. In some cases, the exploiter can choose to return most of the funds while retaining a part as a form of bug bounty.&nbsp;<\/p>\n\n\n\n<p>Smart contracts can be audited and certified by organizations like Certik, but there is still no general standard for bridge protection. Vitalik Buterin, co-founder of Ethereum, has warned that bridge smart contracts remain the most vulnerable parts of a decentralized ecosystem.&nbsp;<\/p>\n\n\n\n<p>Multi-chain apps still require bridging to make the best of decentralized trading. Not all types of tokens are compatible with DEX services or other tools for passive income. Bridges remain attractive for being supplied with base tokens of high liquidity, including ETH, but also Bitcoin (BTC), Binance Coin (BNB) and stablecoins like USDC.&nbsp;<\/p>\n\n\n\n<p>Recently, Coinbase added direct access to Solana and Avalanche, expanding the number of tokens with no need of bridging or using an Ethereum version exclusively. This will mostly affect the users of stablecoins, which are often bridged to use as sources of liquidity.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>How was Harmony Affected<\/strong><\/h3>\n\n\n\n<p>Harmony Protocol currently holds only 45M in notional value, down from a peak of 1.2B during high DeFi activity periods. The exploit itself may not be immediately reflected, but it has taken funds deposited by retail traders.<\/p>\n\n\n\n<p>DeFi Kingdoms remains the biggest protocol on Harmony, carrying 28% of all value. DeFi Kingdoms is a gamified financial operation, and the biggest play-to-earn game on Harmony. The protocol also hosts NFT games like MoonBots.<\/p>\n\n\n\n<p>Harmony is among the smaller but still stable L1 solutions with their own growing ecosystem of projects. So far, Harmony has mostly avoided the fallout of Terra LFG, Celsius and the exposure to Three Arrows Capital (3AC) crypto hedging fund.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Will ONE Token Suffer More Losses<\/strong><\/h3>\n\n\n\n<p>ONE, the native token of Harmony, is down to $0.02. The asset peaked at the start of 2022 at $0.33, and was one of the most active assets linked to DeFi.&nbsp;<\/p>\n\n\n\n<p>With the slide of Solana and the loss of LUNA, ONE also erased more than 90% of its value.&nbsp;<\/p>\n\n\n\n<p>Still, ONE is a low per-unit asset and may offer a more significant upside, despite the loss of funds. A rally in ONE may raise more value within the protocol.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/search?q=%24ONE&amp;src=ctag&amp;ref_src=twsrc%5Etfw\">$ONE<\/a> FUD makes future millionaires. Fundamentals strong, team strong, so I love FUD cuz I can buy lower! <br><br>\ud83d\ude80\ud83d\ude0e <a href=\"https:\/\/t.co\/rJgBv89pDv\">https:\/\/t.co\/rJgBv89pDv<\/a><\/p>&mdash; Coins Prophet (@CoinsProphet) <a href=\"https:\/\/twitter.com\/CoinsProphet\/status\/1540210312254726146?ref_src=twsrc%5Etfw\">June 24, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>ONE is a relatively older asset with multiple trading pairs on the Binance exchange. <a href=\"https:\/\/tradersofcrypto.com\/news\/why-synthetix-snx-is-rallying-in-a-bear-market\/\">Renewed interest in altcoins<\/a> and in DeFi protocols may boost demand for Harmony. The project is one of the more prominent ICO sales organized by <a href=\"https:\/\/tradersofcrypto.com\/exchanges\/binance\/\">Binance Launchpad<\/a>. The project raised $23M in value in May 2019, though it failed to gain the influence of Solana, Avalanche or some more prominent networks.\u00a0<\/p>\n\n\n\n<p>Still, Harmony may be a growth project with more years ahead to go though the bear market and regain value. Earlier price predictions saw ONE breaking the $1 barrier, though now a return above $0.10 would be a welcome return to a higher range.<\/p>\n\n\n\n<p>Harmony and ONE operate with a worldwide team with representation on the US market. The current bridge exploit is being investigated, notifying the US FBI. There is still no certainty on how the theft has affected token owners, and some of the assets may continue to exist and even be traded on both sides of the bridge. After the exploit, the bridge has been closed and may take months to be replenished with funds and undergo security audits.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Harmony Protocol lost finds on the Ethereum side after an exploit of a bridge smart contract with compromised private keys.<\/p>\n","protected":false},"author":3,"featured_media":2252,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[277,276],"class_list":["post-2251","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorised","tag-harmony","tag-one","entry"],"_links":{"self":[{"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/posts\/2251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/comments?post=2251"}],"version-history":[{"count":0,"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/posts\/2251\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/media\/2252"}],"wp:attachment":[{"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/media?parent=2251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/categories?post=2251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tradersofcrypto.com\/news\/wp-json\/wp\/v2\/tags?post=2251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}