
Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst




On June 23, 2022, the Harmony development team announced that $100 million was siphoned from the Horizon bridge, and the organization explained it was working with national authorities and forensic specialists. According to an account published by Polygon’s chief information security officer, Mudit Gupta, the Horizon bridge attacker allegedly took control of the multi-signature wallet leveraged in Harmony’s bridge.


Harmony’s Multi-Sig Exploited Polygon’s CSO Says, Harmony Protocol’s Founder Found Evidence That ‘Private Keys Were Compromised’


Three days ago, Harmony explained that it was attacked and the team witnessed $100 million siphoned from the Horizon bridge. “The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100 [million],” Harmony tweeted on Thursday. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the Harmony team added.


The day after the exploit, Polygon’s chief information security officer, Mudit Gupta, said that the bridge was a 2 of 5 multi-signature scheme, and anyone with two of the addresses can take control of it. “The hacker compromised 2 addresses and made them drain the money,” Gupta added. Gupta noted that the details aren’t public yet, but he summarized what he believes took place during the hack. “The two addresses were likely hot wallets used to listen for and process legit bridging transactions,” Gupta explained.


“The attacker compromised the server(s) that these hot wallets were running on,” the Polygon CSO wrote on Friday. “Once inside the server, they could access the keys that were kept in plaintext for signing legit transactions. The server exploit was likely either SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.” The analyst further added:


This was not a ‘Blockchain Hack.’ It was a ‘Traditional Hack.’ I’ve been begging protocols to focus on traditional security too alongside blockchain security for months now…

Furthermore, an incident report written by the Harmony Protocol’s founder says “the team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge — Funds were stolen from the Ethereum side of the bridge.” The Harmony founder also noted that “confidentiality is key to maintain integrity as part of this ongoing investigation — The omission of specific details is to protect sensitive data in the interest of our community.”
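The risk Gupta describes can be checked for any multi-signature deployment: a 2 of 5 threshold protects no better than a single server if two of the keys sit on that server in plaintext. The following Python audit is an added example, not code from the article, Gupta, or Harmony; the signer names, hosts and storage labels are constructed assumptions, since the real key layout has not been published.

```python
from collections import Counter
from typing import NamedTuple, Optional

class Signer(NamedTuple):
    name: str
    host: str      # machine or device holding the private key
    storage: str   # "plaintext" or "hsm" (constructed labels)

def min_hosts_to_sign(signers, threshold) -> Optional[int]:
    """Fewest hosts whose keys together satisfy the threshold.

    Each key lives on exactly one host, so taking hosts in descending
    order of key count gives the true minimum.
    """
    keys_per_host = Counter(s.host for s in signers)
    collected = 0
    for n, (_host, count) in enumerate(keys_per_host.most_common(), start=1):
        collected += count
        if collected >= threshold:
            return n
    return None  # threshold exceeds the number of keys

def plaintext_quorum(signers, threshold) -> bool:
    """True if keys readable in plaintext are enough on their own to sign."""
    return sum(s.storage == "plaintext" for s in signers) >= threshold

def audit(signers, threshold):
    return {"min_hosts": min_hosts_to_sign(signers, threshold),
            "plaintext_quorum": plaintext_quorum(signers, threshold)}

THRESHOLD = 2  # the 2 of 5 policy described in the article

# Constructed layout matching Gupta's hypothesis: two hot wallets on one server.
CO_LOCATED = [Signer("hot-1", "bridge-server", "plaintext"),
              Signer("hot-2", "bridge-server", "plaintext"),
              Signer("key-3", "device-a", "hsm"),
              Signer("key-4", "device-b", "hsm"),
              Signer("key-5", "device-c", "hsm")]

# Constructed contrast: same policy, every key on its own host, none in plaintext.
SEPARATED = [Signer(f"key-{i}", f"host-{i}", "hsm") for i in range(1, 6)]

if __name__ == "__main__":
    for label, layout in (("co-located", CO_LOCATED), ("separated", SEPARATED)):
        print(label, audit(layout, THRESHOLD))
```

A `min_hosts` value below the signing threshold means the multi-sig policy overstates how many independent compromises are needed.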












Jamie Redman


Jamie Redman is the News Lead at MotleyBloggers.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for MotleyBloggers.com News about the disruptive protocols emerging today.











Original post from
https://motleybloggers.com/harmonys-100m-hack-was-due-to-a-compromised-multi-sig-scheme-says-analyst/
