Could This Major Hack Be The End of Harmony One?
Harmony One suffered a $100 million hack
It feels like I haven't written an article in a while. Oh wait, that's because I haven't... I've been enjoying some good ole COVID-19 ladies and gentlemen. My wife and I both have been living it up in the dark with migraines. It's been pretty fuckin rough, not gunna lie. I had it over a year ago and I don't remember it sucking this much. I guess I got the new version with all the DLC this time lol.
Anyway - I've been piling up topics to write about but have had such a bad migraine I just haven't been able to look at the screen long enough to write. I know there's speech to text but that shit is trash. One of the things I've been dying to write about is the massive hack that Harmony's Horizon Bridge suffered a couple days ago.
I've always been a huge supporter of Harmony, and have written a number of different articles about it. It was the first blockchain that I really started yield farming on, alongside xDAI chain (now GNOSIS chain) and I have some fond memories from doing degenerate things on it.
When I read about this hack, I got really concerned.
Somehow a hacker or group of hackers was able to gain control of the multi-signature wallet that owns the contract controlling the bridge. If I had to guess, it was probably phishing or social engineering... Maybe even an inside job. The thing about multi-sig wallets is that there have to be X amount of signatures from other wallets in order to execute transactions so compromising just the contract isn't enough.
It has yet to be released how this was accomplished, probably for security reasons. They don't need any more heat coming at them at the moment. The bridge contract was drained of $100 million in different crypto tokens including WBTC, WETH, AAVE, USDT, DAI, and many more. My head hurts, so I'm not going to try to explain how the attack was executed from there, but feel free to check out the source of the image above for more details.
The different tokens were sent directly to one single wallet, which can be seen here on Etherscan. Then the funds started slowly being transferred to different wallets and swapped for different stable coins on Uniswap. Smart hacker, I guess.
The thing about the blockchain is... and I say it all the time... The blockchain don't lie. There's no hiding these funds without sending them through a mixing service or finding a way to swap them for Monero. Obviously the Ethereum blockchain doesn't reveal the identity of the culprit(s), but it does provide a trail for feds to follow.
Our incident response team has discovered evidence that private keys were compromised, leading to the breach of the Horizon bridge. Funds were stolen on the Ethereum side of the bridge. The private keys were encrypted and stored by Harmony, with the keys doubly encrypted via passphrase and a key management service, and no single machine had access to multiple plaintext keys.
This had to be a pretty slick hacker group to get around all of those security measures. Somehow they managed to get access to private keys. The funds that were compromised were on the Ethereum side of the bridge, and most of the tokens have been swapped back to ETH.
What really got me was they are only offering $1 million as a bounty to the hacker if they return the $100 million in funds. Looks like that isn't enough to entertain the hacker as they are already sending chunks of funds to Tornado Cash, which is a mixing service..
It's gunna take a long time to clean $100 million but this guy(s) seems patient.
Thanks for reading! Much love.
Wanna learn about all kinds of things you can do with the crypto you earn blogging on Hive? Check out my index - Learn Crypto Stuff for some fun educational crypto stuff.
Posted Using LeoFinance Beta
Bridges have by far been the biggest point of failure for the industry as far as hacks. I honestly do not use them. I would rather use a swap service like Changelly for SimpleSwap to move from one chain to another.
I very much enjoy Changelly and SimpleSwap as well, but I do think bridges have a very important future.
Posted Using LeoFinance Beta
They will be important, but need to be WAY more secure. They are the things I see getting hacked the most, mainly on the EVM side of things.
I got out of this project long ago. It has had significant problems over a period of time. Although IBC focused also it just hasn't taken off as well as Cosmos has.
Posted Using LeoFinance Beta
Yeah I wanted it to be successful for the longest but I eventually jumped ship when I found more opportunity on other chains.
Posted Using LeoFinance Beta
i told my friend the other day after this cycle harmony one wont even be a thing.
depending on how this is handled, this could very well be the end for harmony
Posted Using LeoFinance Beta
This is a good lesson for all of the developers and users in cryptosphere. No corners should be cut when it comes to security. I'm not a developer, but I do thing some time delays programmed into smart contracts could be a great move to add more security. That can allow to spot hackers trying to transfer funds.
For an example, a compromised HIVE account takes 13 weeks to power down. Releasing the funds in smaller chunks over time could be a great security practice.
!PIZZA
!LUV
Posted Using LeoFinance Beta
@vimukthi(1/1) gave you LUV. H-E tools | discord | community | <><
HiveBuzz.me NFT for Peace
PIZZA Holders sent $PIZZA tips in this post's comments:
@vimukthi(1/5) tipped @l337m45732 (x1)
Please vote for pizza.witness!