
Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst




On June 23, 2022, the Harmony development team announced that $100 million was siphoned from the Horizon bridge, and the organization explained it was working with national authorities and forensic specialists. According to an account published by Polygon’s chief information security officer, Mudit Gupta, the Horizon bridge attacker allegedly took control of the multi-signature wallet leveraged in Harmony’s bridge.


Harmony’s Multi-Sig Exploited, Polygon’s CSO Says; Harmony Protocol’s Founder Found Evidence That ‘Private Keys Were Compromised’


Three days ago, Harmony explained that it was attacked and the team witnessed $100 million siphoned from the Horizon bridge. “The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100 [million],” Harmony tweeted on Thursday. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the Harmony team added.


The day after the exploit, Polygon’s chief information security officer, Mudit Gupta, said that the bridge was a 2 of 5 multi-signature scheme, and anyone with two of the addresses can take control of it. “The hacker compromised 2 addresses and made them drain the money,” Gupta added. While the details aren’t public yet, Gupta summarized what he believes took place during the hack. “The two addresses were likely hot wallets used to listen for and process legit bridging transactions,” Gupta explained.


“The attacker compromised the server(s) that these hot wallets were running on,” the Polygon CSO wrote on Friday. “Once inside the server, they could access the keys that were kept in plaintext for signing legit transactions. The server exploit was likely either SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.” The analyst further added:


This was not a ‘Blockchain Hack.’ It was a ‘Traditional Hack.’ I’ve been begging protocols to focus on traditional security too alongside blockchain security for months now…

Furthermore, an incident report written by the Harmony Protocol’s founder says “the team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge — Funds were stolen from the Ethereum side of the bridge.” The Harmony founder also noted that “confidentiality is key to maintain integrity as part of this ongoing investigation — The omission of specific details is to protect sensitive data in the interest of our community.”
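The custody weakness Gupta describes (a 2 of 5 threshold with two hot-wallet keys stored in plaintext on a server) can be expressed as a signer-layout audit. The following is an added example, not code from Harmony, Polygon or the original article; the signer names, host names, finding labels and the majority-threshold policy are assumptions, and the layouts are constructed because the real deployment details are not public.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Signer:
    name: str
    host: str      # failure domain that holds the key (server, HSM, device)
    storage: str   # "plaintext", "encrypted" or "hsm"
    hot: bool      # True if the key is online and signs automatically

def min_hosts_for_threshold(signers, threshold):
    """Fewest hosts whose compromise yields `threshold` keys.
    Taking the hosts that hold the most keys first is optimal."""
    held = 0
    counts = sorted(Counter(s.host for s in signers).values(), reverse=True)
    for n, count in enumerate(counts, start=1):
        held += count
        if held >= threshold:
            return n
    return None  # fewer keys than the threshold: the wallet cannot sign at all

def audit(signers, threshold):
    """Return finding labels (hypothetical names) for a multi-sig layout."""
    findings = []
    exposed = [s for s in signers if s.hot and s.storage == "plaintext"]
    if len(exposed) >= threshold:
        findings.append("PLAINTEXT_HOT_KEYS_MEET_THRESHOLD")
    hosts = min_hosts_for_threshold(signers, threshold)
    if hosts is not None and hosts < threshold:
        findings.append("KEYS_SHARE_A_HOST")
    if 2 * threshold <= len(signers):  # policy assumption: require a majority
        findings.append("THRESHOLD_BELOW_MAJORITY")
    return findings

# Constructed layouts (not Harmony's real deployment, which is not public).
BRIDGE_2_OF_5 = [
    Signer("hot-1", "bridge-srv", "plaintext", True),
    Signer("hot-2", "bridge-srv", "plaintext", True),
    Signer("cold-1", "hsm-a", "hsm", False),
    Signer("cold-2", "hsm-b", "hsm", False),
    Signer("cold-3", "hsm-c", "hsm", False),
]
HARDENED_3_OF_5 = [Signer(f"s{i}", f"hsm-{i}", "hsm", False) for i in range(5)]

if __name__ == "__main__":
    print(audit(BRIDGE_2_OF_5, 2))    # all three findings
    print(audit(HARDENED_3_OF_5, 3))  # no findings
```

In the constructed 2 of 5 layout a single server holds enough keys to authorize a transfer, which is why the multi-signature threshold gave no protection once that server was breached.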












Jamie Redman


Jamie Redman is the News Lead at MotleyBloggers.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for MotleyBloggers.com News about the disruptive protocols emerging today.











Original post from
https://motleybloggers.com/harmonys-100m-hack-was-due-to-a-compromised-multi-sig-scheme-says-analyst/
