{"id":12964,"date":"2022-06-26T18:38:40","date_gmt":"2022-06-26T18:38:40","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/harmonys-100m-hack-was-due-to-a-compromised-multi-sig-scheme-says-analyst-bitcoin-news\/"},"modified":"2022-06-26T18:38:40","modified_gmt":"2022-06-26T18:38:40","slug":"harmonys-100m-hack-was-due-to-a-compromised-multi-sig-scheme-says-analyst-bitcoin-news","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/harmonys-100m-hack-was-due-to-a-compromised-multi-sig-scheme-says-analyst-bitcoin-news\/","title":{"rendered":"Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst \u2013 Bitcoin News"},"content":{"rendered":"

(Originally posted on : Bitcoin News )<\/b>
\n<\/p>\n

\n
\n<\/header>\n
\n<\/div>\n

On June 23, 2022, the Harmony development team announced that $100 million was siphoned from the Horizon bridge, and the organization explained it was working with national authorities and forensic specialists. According to an account published Polygon\u2019s chief information security officer, Mudit Gupta, the Horizon bridge attacker allegedly took control of the multi-signature wallet leveraged in Harmony\u2019s bridge.<\/strong><\/p>\n

Harmony\u2019s Multi-Sig Exploited Polygon\u2019s CSO Says, Harmony Protocol\u2019s Founder Found Evidence That \u2018Private Keys Were Compromised\u2019<\/h2>\n

Three days ago, Harmony explained that it was attacked and the team witnessed $100 million siphoned from the Horizon bridge. \u201cThe Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100 [million],\u201d Harmony tweeted<\/a> on Thursday. \u201cWe have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,\u201d the Harmony team added.<\/p>\n

Following the exploit, the very next day, Polygon\u2019s chief information security officer, Mudit Gupta, said<\/a> that the bridge was a 2 of 5 multi-signature scheme, and anyone with two of the addresses can take control of it. \u201cThe hacker compromised 2 addresses and made them drain the money,\u201d Gupta added. Gupta said while the details aren\u2019t public yet he summarized what he believes took place during the hack. \u201cThe two addresses were likely hot wallets used to listen for and process legit bridging transactions,\u201d Gupta explained<\/a>.<\/p>\n

\u201cThe attacker compromised the server(s) that these hot wallets were running on,\u201d the Polygon CSO wrote on Friday. \u201cOnce inside the server, they could access the keys that were kept in plaintext for signing legit transactions. The server exploit was likely either SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.\u201d The analyst further added:<\/p>\n

\n

This was not a \u2018Blockchain Hack.\u2019 It was a \u2018Traditional Hack.\u2019 I\u2019ve been begging protocols to focus on traditional security too alongside blockchain security for months now\u2026<\/p>\n<\/blockquote>\n

Furthermore, an incident report<\/a> written by the Harmony Protocol\u2019s founder<\/a> says \u201cthe team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge \u2014 Funds were stolen from the Ethereum side of the bridge.\u201d The Harmony founder also noted that \u201cconfidentiality is key to maintain integrity as part of this ongoing investigation \u2014 The omission of specific details is to protect sensitive data in the interest of our community.\u201d<\/p>\n

\n
\nTags in this story
\n<\/h6>\n
100 million<\/a>, 2 of 5 multi-signature scheme<\/a>, Confidentiality<\/a>, decentralized finance<\/a>, DeFi<\/a>, defi hacks<\/a>, Harmony Hack<\/a>, Harmony Protocol<\/a>, Harmony Protocol\u2019s founder<\/a>, Horizon Bridge<\/a>, Horizon bridge Exploit<\/a>, incident report<\/a>, Mudit Gupta<\/a>, Multi-signature<\/a>, Polygon CSO<\/a>, Ronin Exploit<\/a>, sensitive data<\/a>, Stolen funds<\/a><\/div>\n<\/div>\n

What do you think about the Harmony exploit for $100 million? Let us know what you think about this subject in the comments section below.<\/strong><\/em><\/p>\n

\n
\n<\/div>\n
\n
\nJamie Redman <\/h6>\n

\nJamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.

\n
\n
\n<\/a>
\n<\/span>\n<\/p>\n<\/div>\n<\/div>\n

Image Credits<\/b>: Shutterstock, Pixabay, Wiki Commons<\/em><\/p>\n

\n