At a glance Horizon was attacked and lost about 100 million US dollars follow-up

On June 24, the Harmony team tweeted that it found that the Horizon cross-chain bridge was attacked, with a loss of about $100 million. Horizon is an asset cross-chain bridge developed by the Layer1 public chain Harmony and Ethereum.

Harmony said it is currently working with relevant authorities and experts to track down the attackers and recover the stolen assets. In addition, Harmony said that the trustless Bitcoin cross-chain bridge has not been affected, and the exchange has been notified and suspended the Horizon cross-chain bridge. The attacker’s address is 0x0d043128146654C7683Fbf30ac98D7B2285DeD00.

RJMmVumzxU4SLgUjIjLezsdqgdB1wvqhEbwrrTbN.png

Harmony noted that as further investigations and more information become available, everyone will be kept updated.

Hacked against Harmony Horizon bridge. According to SlowMist MistTrack analysis, the attacker (0x0d0…D00) made more than $100 million, including 11 ERC20 tokens, 13,100 ETH, 5,000 BNB and 640,000 BUSD. On the Ethereum chain, the attacker transferred most of the tokens to Two new wallet addresses, exchange the tokens for ETH, and then transfer the ETH back to the initial address (0x0d0…D00), the current address (0x0d0…D00) about 85,837 ETH has not been transferred yet, at the same time, the attacker There is currently no fund transfer operation on the BNB chain. SlowMist MistTrack will continuously monitor the movement of stolen funds.

In addition, the Etherscan page shows that in today’s transaction records at 6:28 and 10:40, the Harmony team made two requests to the Horizon Bridge attacker: “The Harmony team is interested in communication and negotiation. Please contact the official mailbox to start the conversation. Communication can be anonymous.” But the hacker has not responded to this.

It is worth mentioning that the Harmony team tweeted at 11:37 today that Harmony is processing and will continue to investigate with the FBI and multiple cybersecurity companies.

According to public information, Horizon is the first Ethereum-Harmony cross-chain bridge. Horizon opens the starting point for the free flow of assets between the Harmony and Ethereum blockchains, allowing users to bridge any ERC20 token as well as LINK and BUSD. 

The official introduction of Harmony pointed out that the cross-chain bridge is a technology that connects two blockchains by verifying cross-chain transactions through two processes: 1. Asset transfer process: assets are locked in Ethereum and assets of the same amount are minted on Harmony. 2. Asset redemption process: Assets minted on Harmony are destroyed and equivalent assets are unlocked on Ethereum.

Ethereum-to-Harmony (transfer assets) process:

·Users send a request to the cross-chain bridge to transfer their ERC20 tokens and provide a Harmony address for receiving 1:1 HRC20 tokens, while allowing the cross-chain bridge to lock related ERC20 assets.

A cross-chain bridge will host a set of validator nodes that will receive requests, enforce locks, and wait on Ethereum for enough block confirmations to guarantee finality (finality ensures that locked transactions never leave Ethereum).

· After confirmation, the cross-chain bridge validator requests HmyManager to mint HRC20 assets and transfer them to the receiving account.

sFQqUpetNh1YdWwbreXVjKnELuHs95thyDoAfoRZ.png

Harmony-to-Ethereum process:

·Users send a request to the cross-chain bridge to recover their HRC20 assets and provide an Ethereal address for receiving 1:1 ERC20 tokens, while allowing the cross-chain bridge to destroy related HRC20 assets.

The validator node hosted by the cross-chain bridge will receive the request, execute the destruction transaction on Harmony, and request the cross-chain bridge contract on the Ethereum side to transfer the locked ERC20 assets to the designated account.

9Q6VjCsUhdaKcnvWyQkKlF9AjgigfqeSKXt8CzkI.png

For the design of the cross-chain bridge, according to Harmony officials, Harmony has been optimized based on four principles: 1. No need for trust: The cross-chain bridge is as secure as the blockchain it connects, without other security assumptions; 2. Decentralization : No single point of failure; 3. Fast and efficient: Promote frequent transactions between chains while ensuring low miner fees; 4. Seamless experience: Hide the complexity of the blockchain without entering the block hash.

In addition, the entire asset transfer process takes no more than 5 minutes. The same goes for redeeming assets from Harmony. Cross-chain bridges are secured by a set of validator nodes that submit cross-chain transaction confirmations (locked on the Ethereum side, destroyed on the Harmony side) via multi-signature contracts. At the same time, the bridge is also fully audited by Peckshield. Despite this, hacker attacks and monetary losses have not been avoided. There is currently no official response to the means of this attack. The follow-up development of the attack still requires continuous attention.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/at-a-glance-horizon-was-attacked-and-lost-about-100-million-us-dollars-follow-up/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-06-24 11:24
Next 2022-06-24 11:26

Related articles