Harmony, an open and fast layer-1 blockchain offering a two-way Ethereum bridge, suffered an unfortunate hack on 24 June. Horizon, its cross-chain bridge to Ethereum, recorded this exploit worth nearly $100 million in ETH. Although the platform had halted the affected bridge, some questions remain unanswered.
To get a better grip on the situation, here’s a deep dive into what caused this hack.
Security experts of the CertiK team, in a blog posted on 25 June, shared a deep analysis highlighting key events that led to the heist. Wu Blockchain, a famed news agency, later re-shared this development on his Twitter feed.
<p lang=«en» dir=«ltr» xml:lang=«en»>Certik: The attacker accomplished this by somehow controlling the owner of the MultiSigWallet to call the confirmTransaction() directly to transfer large amounts of tokens from the bridge on Harmony. https://t.co/M1VNahGKcQ— Wu Blockchain (@WuBlockchain) June 24, 2022
Preliminary analysis showcased that the alleged address made 11 transactions from the bridge for various tokens. Furthermore, the individual sent tokens to a different wallet to swap for ETH on the Uniswap decentralized exchange (DEX), then sent ETH back to the original wallet.
After some further investigation, the expert analysis identified 12 attack transactions and three attack addresses. Across these transactions, the attacker netted various tokens on the bridge including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH, and FRAX.
“The attacker accomplished this by somehow controlling the owner of the MultiSigWallet to call the confirmTransaction() directly to transfer large amounts of tokens from the bridge on Harmony. This led to a total loss around $97M worth of asset on the Harmony chain which
Read more on ambcrypto.com