So, all in all, if two of the four multisig signers are compromised, we’ll see another 9-figure hack. With everything going on lately, it would be interesting to hear some details @harmonyprotocol on how these EOAs are secured.
— Ape Dev (@_apedev) April 1, 2022
Earlier today (June 24), Harmony identified the theft from the Horizon Bridge. The theft took place over 14 transactions across Ethereum and Binance Smart Chain, in which the hacker stole various assets including ETH, BNB, USDT, USDC and Dai. At the time of publication, Harmony estimated the loss at $100 million. An analysis by Elliptic confirms this estimate, valuing the stolen assets at $99.7 million.
No information has yet been released on how the hacker managed to steal these funds, although several Twitter users have since speculated that this may have involved the compromise of two of the five multisig addresses, possibly indicating a private key compromise.
Of the other five bridges attacked this year, only one was exploited due to private key compromise. In March, North Korea’s Lazarus Group compromised the validator nodes of the Ronin network, allowing them to siphon funds from Ronin’s cross-chain bridge.
Harmony Protocol’s Horizon bridge was hacked and $100 million was spent earlier today.
The bridge was essentially a 2-of-5 multisig. If any 2 addresses told it to transfer funds to someone, it did.
A hacker compromised 2 addresses and forced them to drain money. 🧵👇 pic.twitter.com/hv1JWDy9WQ
— Mudit Gupta (@Mudit__Gupta) June 24, 2022
After the theft, the hacker used various decentralized exchanges (DEX) to exchange the tokens for ETH – a common technique used by DeFi hackers. Currently, $98 million in ETH is held in the hacker’s Ethereum address, while $1.79 million in assets are held in the hacker’s Binance Smart Chain address.
Notably, the hacker received a message, which appeared to be from Harmony, offering to negotiate a refund.
In a tweet posted on June 24, Harmony stated that “we have also notified the exchanges and stopped the Horizon bridge to prevent further transactions. A team is on deck as investigations continue”.
Why are bridges vulnerable?
Five other notable bridge attacks have occurred since the start of 2022, including two of the top five crypto heists of all time. In January, hackers exploited a vulnerability in Multichain, allowing them to siphon $3 million from users over the course of several days.
Just days later, a vulnerability in Qubit Finance’s bridge was exploited, with hackers stealing over $80 million. In February, two more bridges were attacked, including Wormhole, where hackers stole $325 million. Finally, in March, $540 million was stolen from the Ronin Bridge, in an attack that has since been attributed to North Korea’s Lazarus Group.
Due to the increasing number of high-profile attacks on bridges in recent months, many individuals – including Vitalik Buterin – have discussed the underlying security concerns.
Bridges are vulnerable to hacking for a number of reasons. First, they maintain large pools of liquidity—which means they’re a tempting target for hackers. In order for individuals to use bridges to move their funds, assets are locked on one blockchain and unlocked, or minted, on another. As a result, these services hold large amounts of cryptoassets.
Second, criticism of bridges focuses on the lack of decentralization. To speed up transaction times, some bridges require only a small number of validators or signatures to approve transactions. The Ronin Bridge attack demonstrated the risk: five out of nine validators were compromised, leading to a loss of funds, and four of those validators were controlled by the same entity.
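The gap between a bridge's nominal signing threshold and the number of independent parties that actually have to be compromised can be checked mechanically. The following Python sketch is an added example, not code from Harmony, Ronin or Elliptic; the signer labels, the finding codes, the `entity_floor` policy value and the assumption that each Horizon signer is independently controlled are all hypothetical, and only the 2-of-5 and 5-of-9 figures come from this article.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class SignerSet:
    name: str
    threshold: int      # signatures required to approve a transfer
    controllers: tuple  # controlling entity of each signer key, one entry per key


def min_entities_to_reach_threshold(s: SignerSet) -> int:
    """Fewest distinct entities that together hold `threshold` keys."""
    if not 1 <= s.threshold <= len(s.controllers):
        raise ValueError("threshold must be between 1 and the number of signers")
    keys = 0
    # Greedy is optimal here: count entities from the largest key holder down.
    for count, (_, held) in enumerate(Counter(s.controllers).most_common(), 1):
        keys += held
        if keys >= s.threshold:
            return count
    raise AssertionError("unreachable: threshold <= total keys")


def audit(s: SignerSet, entity_floor: int = 3) -> list:
    """Return finding codes; entity_floor is an assumed policy value."""
    findings = []
    if 2 * s.threshold <= len(s.controllers):
        findings.append("THRESHOLD_NOT_MAJORITY")
    if max(Counter(s.controllers).values()) > 1:
        findings.append("ENTITY_HOLDS_MULTIPLE_KEYS")
    if min_entities_to_reach_threshold(s) < entity_floor:
        findings.append("FEW_INDEPENDENT_COMPROMISES")
    return findings


# Constructed inputs using only the figures quoted on this page.
# Assumption: each Horizon signer is independently controlled.
HORIZON = SignerSet("horizon-2-of-5", 2, tuple(f"signer-{i}" for i in range(1, 6)))
# Ronin: 5-of-9, four validators controlled by the same entity.
RONIN = SignerSet("ronin-5-of-9", 5,
                  ("entity-A",) * 4 + tuple(f"validator-{i}" for i in range(5, 10)))

if __name__ == "__main__":
    for s in (HORIZON, RONIN):
        print(s.name, min_entities_to_reach_threshold(s), audit(s))
```

Both configurations reduce to two independent compromises: Horizon because of its low threshold, Ronin because one entity holds four of the five keys required.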
Finally, the speed of innovation in the DeFi space sometimes results in a lack of focus on security. Although many decentralized applications (DApps) undergo a security review after a theft, implementing measures including audits and bug bounties, these measures are not always in place before an attack. As a result, services remain vulnerable to various attack methods, especially code and economic exploits.