ONE, a native token of a cross-chain bridge provider, Harmony, is now one of the worst performers among the top 200 coins today, as the team confirmed they lost almost USD 100m in crypto in a theft.
At 10:24 UTC, ONE, ranked 124th by market capitalization on CoinGecko, trades at USD 0.024 and is down 11% in a day and over 4% in a week.
At around 11:13 PM UTC, Harmony said it “has identified a theft occurring this morning on the Horizon bridge amounting to approx. USD 100m.” The team claims that it does not impact their bitcoin (BTC) bridge and “its funds and assets stored on decentralized vaults are safe at this time.”
According to the announcement, Harmony has also notified exchanges and stopped the Horizon bridge to prevent further transactions.
“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” they added.
“Assets were stolen on both Ethereum and Binance Smart Chain,” according to blockchain analytics firm Elliptic.
“A variety of assets were taken, including ETH, BNB, USDT, USDC and DAI. The stolen tokens have now been swapped for ETH using decentralized exchanges – a commonly-seen technique with these hacks,” they added.
Also, per the analysts, Harmony has seemingly sent the thief a message, embedded within an ETH transaction, asking them to negotiate.
“No information has yet been released detailing how the hacker was able to steal these funds. Though several Twitter users have since speculated that this may have involved the compromise of two of five multisig addresses – possibly indicating a private key compromise,” Elliptic said.
Harmony claims that its bridges can connect any proof-of-work and proof-of-stake chains.
According to Elliptic, bridges are vulnerable to hacks for a number of reasons:
They maintain large stores of liquidity – meaning that they are a tempting target for hackers.
Bridges aren’t decentralized enough. In order to speed up transaction times, some bridges require a low number of validators or signatures in order to approve transactions.
The speed of innovation in the DeFi space sometimes results in a lack of focus on security.