Summary:
- Harmony Protocol has offered a $1 million bounty for the return of the stolen funds from the hack of its Horizon bridge and for information on how it happened.
- Harmony Protocol’s founder has so far identified compromised private keys as the most likely root cause of the exploit.
The team at Harmony Protocol has offered a $1 million bounty for the return of the $100 million in crypto stolen in the hack of its Horizon bridge.
The team at Harmony is also offering the same $1 million bounty for information on how the exploit happened. They also pointed out that ‘no criminal charges’ will be pursued once the funds are returned, as seen in the following tweet by the team.
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.
Contact us at whitehat@harmony.one or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
— Harmony 💙 (@harmonyprotocol) June 26, 2022
Crypto Community Suggests $1M is too Low of an Incentive.
However, the $1 million bounty for the return of $100 million in stolen funds has been considered a drop in the ocean by the crypto Twitter community, who believe the offer should be much higher. Below are a few samples of the crypto-twitter community’s response to the $1 million bounty.
Didn’t they take about 100 million? What the hell is 1 million gonna do? – by @pleasesendmebtc.
I doubt 1m will suffice the hacker, might need to up for and hope they answer and sadly big partial of my funds are in Aave Harmony, oh well – by @0xTusuki.
Really? Only 1M out of 100M? I feel like you gotta offer at least 8M to be taken seriously… – by @0xButthole
Harmony Protocol Founder Identifies Compromised Private Keys as the Probable Cause of the Hack.
In another Twitter thread, Harmony Protocol’s founder and CEO, Stephen Tse, explained that the team had so far not found any evidence that the $100 million exploit was caused by a malicious smart contract.
However, they had identified some evidence that compromised private keys caused it. He explained:
Incident response has found no evidence of smart contract code breach. No evidence of any vulnerability on the Horizon platform was found. Our consensus layer of the Harmony blockchain remains secure.
The team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge. Funds were stolen from the Ethereum side of the bridge.
He also added that the private keys were encrypted and stored by Harmony using a passphrase and a key management system. But somehow, the attacker was able to access and decrypt several of these private keys, which were then used to sign unauthorized transactions, stealing BUSD, USDC, Ethereum, and WBTC from the Horizon bridge.
Mr. Tse also quickly pointed out that investigations into the incident are still ongoing.