So-called blockchain bridges have become a prime target for hackers looking to exploit vulnerabilities in the world of decentralized finance.
Hackers stole $100 million in cryptocurrency from Horizon, a so-called blockchain bridge, in the latest major heist in the world of decentralized finance.
Details of the attack are still thin, but Harmony, the developers behind Horizon, said they identified the theft on Wednesday morning. Harmony has identified an individual account it believes to be the culprit.
“We have begun working with national authorities and forensic specialists to identify the culprit and recover the stolen funds,” the startup said in a tweet late Wednesday.
In a follow-up tweet, Harmony said it was working with the Federal Bureau of Investigation and several cybersecurity companies to investigate the attack.
Blockchain bridges play an important role in the DeFi – or decentralized finance – space, providing users with a way to transfer their assets from one blockchain to another. In the case of Horizon, users can send tokens from the Ethereum network to Binance Smart Chain. Harmony said the attack did not affect a separate bitcoin bridge.
Like other facets of DeFi, which aims to rebuild traditional financial services like loans and investments on the blockchain, bridges have become a prime target for hackers due to vulnerabilities in their underlying code.
Bridges “maintain large reserves of liquidity,” making them a “tempting target for hackers,” according to Jess Symington, head of research at blockchain analytics firm Elliptic.
“In order for individuals to use bridges to move their funds, assets are locked on one blockchain and unlocked, or minted, on another,” Symington said. “As a result, these services hold large volumes of crypto-assets.”
Harmony has not disclosed exactly how the funds were stolen. However, an investor had raised concerns about the safety of its Horizon Bridge as early as April.
Horizon Bridge security relied on a “multisig” wallet that required only two signatures to initiate transactions. Some researchers believe the breach was the result of a “private key compromise,” where hackers obtained the password, or passwords, needed to access a crypto wallet.
Harmony was not immediately available for comment when contacted by CNBC.
The theft follows a series of notable attacks on other blockchain bridges. The Ronin Network, which supports crypto game Axie Infinity, lost over $600 million in a security breach that took place in March. Wormhole, another popular bridge, lost over $320 million in a separate hack a month earlier.
The heist adds to a stream of negative news in crypto lately. Crypto lenders Celsius and Babel Finance froze withdrawals after a sharp decline in the value of their assets led to a liquidity crunch. Meanwhile, embattled crypto hedge fund Three Arrows Capital could be in default on a $660 million loan from brokerage firm Voyager Digital.