Unknown Hacker Steals $100m From California-Based Cryptocurrency Firm Harmony

An unidentified hacker group has stolen more than $100m from Californian cryptocurrency firm Harmony.

The company made the announcement last Thursday in a Twitter thread, saying they had identified a theft occurring on the Horizon bridge amounting to approximately $100m.

“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” reads the first Twitter post.

Further, Harmony published the cryptocurrency address of the malicious actor and reassured customers the rest of the funds held on its blockchain were safe.

“Note this does not impact the trustless BTC bridge; its funds and assets stored on decentralized vaults are safe at this time.”

The company also said it notified exchanges of the theft and stopped the Horizon bridge to prevent further transactions. 

“The team is all hands on deck as investigations continue,” reads one of the Twitter posts.

“We will keep everyone up-to-date as we investigate this further and obtain more information,” Harmony said last Thursday.

The company later posted another update on Sunday, offering a $1m bounty for the return of the Horizon bridge funds and sharing exploit information. 

“Harmony will advocate for no criminal charges when funds are returned,” the company added.

Harmony founder Stephen Tse also posted on Twitter on the same day, saying that confidentiality was key to maintaining integrity as part of this ongoing investigation.

“The omission of specific details is to protect sensitive data in the interest of our community.  Incident response has found no evidence of smart contract code breach. No evidence of any vulnerability on the Horizon platform was found. Our consensus layer of the Harmony blockchain remains secure.”

However, Tse added the team found evidence that private keys were compromised, leading to the breach of the Horizon bridge and funds being stolen from the Ethereum side of the bridge.

“The attacker was able to access and decrypt a number of these keys, some of which were used to sign the unauthorized transactions. Stolen assets include BUSD, USDC, ETH, and WBTC.”

The Harmony hack is hardly the first large cryptocurrency theft we reported on in 2022. Back in February, cross-blockchain bridge Wormhole confirmed attackers stole 120,000 Ethereum tokens worth over $320m. 

In April, a  group of online fraudsters made nearly $1.7m by promising cryptocurrency giveaways on YouTube.

More recently, Cryptocurrency mixing service was hit with US government sanctions for alleged connections with North Korean hackers responsible for a $620m crypto theft that occurred in March

Articles You May Like

Tinder goes ultra-premium, Amazon invests in Anthropic and Apple explains its new AirPods
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
More than 30 US Banks Targeted in New Xenomorph Malware Campaign
Microsoft is Rolling out Support for Passkeys in Windows 11

Leave a Reply

Your email address will not be published. Required fields are marked *