A hacker has exploited a vulnerability to steal $100 million from a platform that allows users to transfer their assets between platforms.
In a post on Friday, the U.S. startup behind Horizon said that it had been attacked. Cross-chain bridges are used to allow users to send assets from one chain to another. Users can use theHorizon bridge to move assets betweenEthereum,Binance Smart Chain, andHarmonyBlockchains
According to the company, the culprit stole close to $100 million from its bridge.
According to Elliptic, a number of cryptocurrencies were taken. Elliptic said that the stolen token have been swapped for ether using a commonly seen technique.
After the attack, multiple cybersecurity partners, exchange partners, and the FBI were requested to assist with an investigation in identifying the culprit and retrieving stolen assets. The team tried to communicate with the hacker with an embedded message in a transaction.
The bridge was stopped to stop further transactions. There was no change to the bridge for bitcoins.
This incident reminds us of how important our work is to the future of this space and how much of our work remains ahead of us. There is a challenge of what information is allowed to be shared with the public, but we will continue to provide updates with the latest information as soon as possible.
The funds were stolen, but the company did not say how it happened.
One investor who goes by the name of "Ape Dev" had concerns about the security of the bridge back in April. The security of the bridge hinges on a multi-signature wallet that only requires two signatures to initiate transactions. Multi-sig wallet requires the consent of multiple parties to ensure additional security.
If two of the four multi-sig signers are compromised, we are going to see another 9 figure hack. It would be interesting to hear more about how Externally owned accounts are secured.
There have been a number of attacks on other bridges. The Ronin Network lost more than $600 million in an attack in March, which was blamed on a North Korean hacking group. A security flaw in Wormhole's smart contract code cost it $325 million in February.
Q1 crypto losses spike 695% on year following massive hacks