The Harmony Protocol has announced $1 million bounty to the hacker and added that they won’t initiate any criminal proceedings if the hacker returns the funds.
On Sunday, June 26, the proof-of-stake (PoS) blockchain protocol Harmony Protocol said that it is ready to offer $1 million in bounty rewards against returning the $100 million worth of stolen funds from its Ethereum-linked Horizon bridge.
Last Thursday, the attacker managed to siphon off $100 million from the Horizon bridge through a total of 11 transactions. The hackers stole this amount in different cryptocurrencies such as Aave (AAVE), Wrapped Ethereum (WETH), Dai (DAI), Sushi (SUSHI), Tether (USDT), and USD Coin (USDC). In a Twitter message on Sunday, Harmony Protocol noted:
“We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information. Contact us at [email protected] or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac. Harmony will advocate for no criminal charges when funds are returned”.
Stephen Tse, co-founder and CEO of Harmony Protocol also tweeted that there was “no evidence of smart contract code breach. No evidence of any vulnerability on the Horizon platform was found. Our consensus layer of the Harmony blockchain remains secure”.
Additional Insights into the Harmony’s Hack
Stephen Tse also provided additional insights into the hack. He added that private keys were compromised leading to the beach of Horizon Bridge. Tse added that funds have been stolen from the Ethereum side of the bridge.
He further explained that Harmony had doubly encrypted the private keys using “a passphrase and a key management service”. He adds that the attacker managed to “access and decrypt a number of these keys, some of which were used to sign the unauthorized transactions”.
The attacker then swapped all the stolen assets to ETH which currently resides in the hacker’s wallet on the Ethereum blockchain network. The Harmony co-founder added: “We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident. We will continue taking steps to further harden our operations and infrastructure security”.
This is yet another major hack in the crypto space which highlights the vulnerability of funds. Hacking incidents in the crypto space have been on the rise following the massive bull run over the last year. Such incidents are likely to draw greater regulatory scrutiny going ahead. We have yet to hear any further communication from the hacker.