The Horizon bridge on Harmony Protocol, a layer 1 blockchain, was exploited by an unknown hacker earlier today. Having compromised two out of five multisig addresses, the attacker was able to withdraw as much as $100 million in various altcoins. The coins were then swapped for Ethereum on a decentralized exchange, and returned to the attacker’s wallet.
According to Twitter crypto sleuths, the exploit could have been initiated with a social engineering tactic or an SSH key compromise. In an official statement, Harmony did not comment on those hypotheses. The attacker’s apparent strategy was similar to that employed in the Ronin hack, which was subsequently linked to a North Korean hacking group.
The protocol reportedly contacted exchanges to try to recover at least part of the stolen assets, while also working with national authorities, the FBI, and forensic specialists to identify the culprit. Harmony added that the funds on the BTC bridge are stored in decentralized vaults and remain safe.
The attack caused the protocol’s total value locked to drop by over 14%.