So-called blockchain bridges have become a prime target for hackers who seek to exploit vulnerabilities in the world of decentralized finance.
Jacob Borzeki | Norfoto | Getty Images
Hackers stole $100 million in cryptocurrency from Horizon, the so-called blockchain bridge, in the latest major heist in the world of decentralized finance.
Details of the attack are still scant, but Harmony, the developers behind Horizon, said they discovered the theft on Wednesday morning. Harmony has assigned an individual account it believes to be the culprit.
“We have begun working with national authorities and forensic professionals to identify the culprit and recover the stolen funds,” the startup said in a tweet late Wednesday.
In a follow-up tweet, Harmony said it is working with the FBI and several cybersecurity companies to investigate the attack.
Blockchain bridges play a huge role in the DeFi space, offering users a way to move their assets from one blockchain to another. In the case of Horizon, users can send tokens from the Ethereum network to the Binance Smart Chain. Harmony said the attack did not affect a separate bitcoin bridge.
Like other aspects of DeFi, which aims to rebuild traditional financial services such as loans and investments on the blockchain, bridges have become a prime target for hackers due to weaknesses in their underlying code.
According to Jes Symington, head of research at blockchain analytics firm Elliptic, bridges “maintain large stores of liquidity,” making them “an tempting target for hackers.”
“For individuals to be able to use bridges to move their money, assets are locked onto one blockchain and unlocked or minted on another,” Symington said. “As a result, these services contain a large amount of crypto assets.”
Harmony hasn’t revealed exactly how the money was stolen. However, one investor has raised concerns about the security of its Horizon bridge since April.
Horizon Bridge security hinges on a “multisig” wallet that requires only two signatures to initiate transactions. Some researchers speculate that the breach was the result of a “private key hack,” in which hackers obtained the password or passwords required to access a crypto wallet.
Harmony was not immediately available for comment when contacted by CNBC.
It follows a series of high-profile attacks on other blockchain bridges. Ronin Network, which supports the crypto game Axie Infinity, lost more than $600 million in a security breach that occurred in March. Wormhole, another popular bridge, lost more than $320 million in a separate hack a month ago.
The theft is adding to the negative news flow in cryptocurrencies lately. Crypto lenders Celsius and Babel Finance have frozen withdrawals after a sharp drop in the value of their assets led to a liquidity crunch. Meanwhile, embattled crypto hedge fund Three Arrows Capital could default on a $660 million loan from brokerage Voyager Digital.