Hackers swipe $100 million from blockchain bridge Harmony

Hackers swipe $100 million from blockchain bridge Harmony

Hackers made off with about $100 million in cryptocurrency from a so-called blockchain bridge operated by Harmony, adding to the more than $1 billion already stolen in crypto so far this year.

Harmony said it notified other exchanges and stopped its bridge, called Horizon, to prevent further transactions as the company investigates the theft. One individual account is thought to be behind the heist, the company said Thursday in a series of tweets.

The company is “working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” Harmony said of the theft from its Horizon bridge that allows for the exchange of coins from multiple blockchains. In a later tweet, Harmony said it’s working with the Federal Bureau of Investigation and cybersecurity firms to investigate the attack.

Harmony did not immediately respond to a request for comment.

Shaky bridge

Harmony and other so-called blockchain bridges were developed to accept multiple tokens as additional cryptocurrencies are adopted and users look to make transfers more readily. Horizon offers cross-chain exchanges between the Ethereum and Binance Smart Chain.

However, bridges are seen as especially susceptible to attack and are frequently targeted by cybercriminals, with $1.3 billion stolen from bridges in the first three months of the year, according to an estimate from researcher Chainalysis.

Attacks on Crypto.com in January, Wormhole in February and Ronin Network in March each resulted in multimillion-dollar losses. Cybersecurity experts say hackers often target decentralized finance, or DeFi, platforms with weak security.

DeFi services are typically built on public blockchains, allowing users to exchange crypto back and forth without the need for an established financial institution like a bank or credit union.

In another attack, hackers in April stole $182 million from DeFi service Beanstalk Farms. PeckShield, a blockchain security company in China, said thieves used a “flash loan” to exploit security weaknesses in Beanstalk. A flash loan is an unsecured loan that bypasses the need for collateral from the borrower by using smart contracts requiring repayment by the the end of a transaction — usually within seconds or minutes.