Harmony’s Horizon bridge was exploited for $100 million, making three major bridge hacks this year and exposing a central weakness in the digital-asset nexus, according to multiple reports.
Harmony said in a tweet the hack of its Horizon bridge — which offers cross-chain transfers between Ethereum and Binance — is being handled by its own cyber security partners, exchanges, forensic specialists and authorities, including the FBI “to identify the culprit and retrieve the stolen funds.”
Harmony’s Bitcoin bridge, stored in decentralized vaults, wasn’t affected by the hack, according to reports.
See also: PYMNTS Crime Series: Another Day, Another Nine-Figure Crypto Hack
Harmony’s Matthew Barrett said, “the team has attempted communication with the hacker with an embedded message in a transaction to the culprit’s address,” in a Medium post.
“Harmony believes that focusing on decentralized bridges is an essential step forward for Web3. This incident is a humbling and unfortunate reminder of how our work is paramount to the future of this space, and how much of our work remains ahead of us.”
Read more: In $625M Hack, a Bigger Crypto Security Problem Is on Display
Even before the Horizon hack, hackers stole over $1 billion from bridges, Bloomberg reported. Using complicated tech run by anonymous teams, bridges are particularly exposed to possible hacks. It’s generally not known how funds are secured, Bloomberg reported.
Hackers stole more than $300 million from the Wormhole bridge in February and about $620 million in March from the Ronin Bridge, which is linked to the play-to-earn video game Axie Infinity.
Related: PYMNTS Crypto Crime Series: With $1B Hacked, Cross-Chain Crypto Payments May Be in Jeopardy
“The [Horizon] theft seems to have happened due to a private key compromise,” said Xuxian Jiang, chief executive officer of security firm PeckShield, which has been contacted by Harmony for support, Bloomberg reported.
Four multi-signature wallets secure Harmony’s bridge, Jiang said, adding that authentication from at least two is necessary for the validation and execution of a transaction.
The Ronin Bridge used a similar authentication method, with five out of nine validators required, per Bloomberg.
Sign up here for daily updates on all of PYMNTS’ Crypto coverage.