In another major hack, $100 million worth of cryptocurrency was taken.
In the latest big theft in the world of decentralized finance, hackers stole $100 million worth of cryptocurrency from Horizon, a so-called blockchain bridge.
Not much is known about the attack yet, but Harmony, the company that made Horizon, said they found the theft on Wednesday morning. Harmony has found a single account that it thinks is responsible.
In a tweet late Wednesday, the start-up said, “We have started working with national authorities and forensic experts to find out who stole the money and get it back.”
In a follow-up tweet, Harmony said that the attack is being looked into by the FBI and several cybersecurity companies.
Blockchain bridges are an important part of the DeFi space because they let users move their assets from one blockchain to another. In the case of Horizon, users can send tokens from Ethereum to Binance Smart Chain. Harmony said that the attack did not affect a different bitcoin bridge.
Like other parts of DeFi, which aims to rebuild traditional financial services like loans and investments on the blockchain, bridges have become a top target for hackers because their code has flaws.
Jess Symington, research lead at blockchain analysis firm Elliptic, says that because bridges “keep a lot of cash on hand,” they are “a tempting target for hackers.”
“In order for people to use bridges to move their money, assets must be locked on one blockchain and unlocked, or “minted,” on another,” Symington said. “Because of this, these services keep a lot of cryptoassets.”
Harmony has not said how the money was actually stolen. But one investor had been worried about the Horizon bridge’s safety as early as April.
The Horizon bridge’s security was based on a “multisig” wallet that only needed two signatures to start a transaction. Some researchers think the breach was caused by a “private key compromise,” in which hackers got the password or passwords needed to get into a cryptocurrency wallet.
It comes after a string of attacks on other blockchain bridges that made headlines. A security breach in March cost the Ronin Network, which runs the crypto game Axie Infinity, more than $600 million. Another popular bridge, Wormhole, lost more than $320 million in a hack a month before.
The theft adds to a string of bad news about crypto in recent weeks. After a sharp drop in the value of their assets caused a shortage of cash, Celsius and Babel Finance put a hold on withdrawals. The troubled crypto hedge fund Three Arrows Capital may not be able to pay back a $660 million loan from Voyager Digital.