Blockchain Firm Harmony Lost $100 Million In Cyber Theft

The blockchain firm Harmony has recently suffered a devastating cyberattack. As confirmed, Harmony lost crypto assets worth $100 million, returning which now comes with a $1 million bounty. Despite the lure, the stolen amount wasn’t retrieved until writing this story.

Harmony Lost Crypto Assets Worth $100 Million

The previous week, Harmony – an open blockchain firm – confirmed a cyberattack during which the company lost $100 million.

Specifically, the firm disclosed the incident on June 24, 2022, via tweets from its official account, confirming the incident had impacted the Horizon bridge.

In another tweet, Harmony confirmed that the BTC bridge remained unaffected during the incident.

Sharing further details in a dedicated blog post, the company revealed that it suffered the attack on June 23, 2022, on its proprietary Horizon Ethereum Bridge. As stated,

At 5:30 AM PST, multiple transactions occurred that compromised the bridge with 11 transactions that extracted tokens stored in the bridge. The estimated value at the time of the attack was approximately $100 million USD.

Following this incident, Harmony reported the matter to the cybersecurity and exchange partners. Besides, they also brought the issue to the notice of the FBI, which is now investigating the case.

In a subsequent update, the firm confirmed that the incident involved no Smart Contract code breaches or platform vulnerabilities. Instead, the incident happened as the attacker managed to decrypt the stored private keys and targeted the Ethereum side of the bridge.

$1 Million Bounty Pledged For Returning Stolen Funds

Harmony had also approached the hacker earlier after detecting the breach. Nonetheless, it didn’t succeed in retrieving the stolen money yet. Hence, while the firm continues with the investigations, it has also announced a $1 million bounty for returning the stolen funds. The firm also assured no further advocacy for criminal charges in case funds return.

While it may sound absurd, one can expect this lure to work, as it previously did for Poly Network. The company got the stolen funds worth $610 million back after the hacker happily identified itself as a “Whitehat.” Hence, Poly Network rewarded the hacker with a $500,000 bounty.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil