Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst

Harmony’s Multi-Sig Exploited, Polygon’s CSO Says; Harmony Protocol’s Founder Found Evidence That ‘Private Keys Were Compromised’

Three days ago, Harmony explained that it was attacked and the team witnessed $100 million siphoned from the Horizon bridge. “The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100 [million],” Harmony tweeted on Thursday. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the Harmony team added.

Following the exploit, the very next day, Polygon’s chief information security officer, Mudit Gupta, said that the bridge was a 2-of-5 multi-signature scheme, and anyone with two of the addresses can take control of it. “The hacker compromised 2 addresses and made them drain the money,” Gupta added. While the details aren’t public yet, Gupta summarized what he believes took place during the hack. “The two addresses were likely hot wallets used to listen for and process legit bridging transactions,” Gupta explained.

“The attacker compromised the server(s) that these hot wallets were running on,” the Polygon CSO wrote on Friday. “Once inside the server, they could access the keys that were kept in plaintext for signing legit transactions. The server exploit was likely either SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.” The analyst further added:

This was not a ‘Blockchain Hack.’ It was a ‘Traditional Hack.’ I’ve been begging protocols to focus on traditional security too alongside blockchain security for months now…

Furthermore, an incident report written by the Harmony Protocol’s founder says “the team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge — Funds were stolen from the Ethereum side of the bridge.” The Harmony founder also noted that “confidentiality is key to maintain integrity as part of this ongoing investigation — The omission of specific details is to protect sensitive data in the interest of our community.”

Source: https://news.bitcoin.com
