The blockchain firm Harmony has recently suffered a devastating cyberattack. As confirmed, Harmony lost crypto assets worth $100 million, returning which now comes with a $1 million bounty. Despite the lure, the stolen amount wasn’t retrieved until writing this story.
Harmony Lost Crypto Assets Worth $100 Million
The previous week, Harmony – an open blockchain firm – confirmed a cyberattack during which the company lost $100 million.
Specifically, the firm disclosed the incident on June 24, 2022, via tweets from its official account, confirming the incident had impacted the Horizon bridge.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
More ?
— Harmony ? (@harmonyprotocol) June 23, 2022
In another tweet, Harmony confirmed that the BTC bridge remained unaffected during the incident.
3/ Note this does not impact the trustless BTC bridge; its funds and assets stored on decentralized vaults are safe at this time.
— Harmony ? (@harmonyprotocol) June 23, 2022
Sharing further details in a dedicated blog post, the company revealed that it suffered the attack on June 23, 2022, on its proprietary Horizon Ethereum Bridge. As stated,
At 5:30 AM PST, multiple transactions occurred that compromised the bridge with 11 transactions that extracted tokens stored in the bridge. The estimated value at the time of the attack was approximately $100 million USD.
Following this incident, Harmony reported the matter to the cybersecurity and exchange partners. Besides, they also brought the issue to the notice of the FBI, which is now investigating the case.
In a subsequent update, the firm confirmed that the incident involved no Smart Contract code breaches or platform vulnerabilities. Instead, the incident happened as the attacker managed to decrypt the stored private keys and targeted the Ethereum side of the bridge.
$1 Million Bounty Pledged For Returning Stolen Funds
Harmony had also approached the hacker earlier after detecting the breach. Nonetheless, it didn’t succeed in retrieving the stolen money yet. Hence, while the firm continues with the investigations, it has also announced a $1 million bounty for returning the stolen funds. The firm also assured no further advocacy for criminal charges in case funds return.
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.
Contact us at [email protected] or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
— Harmony ? (@harmonyprotocol) June 26, 2022
While it may sound absurd, one can expect this lure to work, as it previously did for Poly Network. The company got the stolen funds worth $610 million back after the hacker happily identified itself as a “Whitehat.” Hence, Poly Network rewarded the hacker with a $500,000 bounty.
