Horizon bridge’s exploit case: up to $100M was stolen
Horizon, which offers cross-chain transfers between Ethereum and Binance, has suffered one of the biggest crypto hacks in recent weeks, with total loss up to $100M.
Brief information about Horizon Bridge
In the DeFi space, blockchain bridges, also known as network bridges, play an important role, offering users a way of transferring their assets from one blockchain to another.
The Horizon bridge allows cross-chain transfers of digital assets between Ethereum, Binance Smart Chain (BSC) and Harmony blockchain, via a set of smart contracts deployed across those three chains. Users holding assets including stablecoins, ERC-20 tokens or Binance’s BEP-20 tokens can exchange them for corresponding assets on Harmony for a 1:1 ratio.
Analyze Horizon Bridge case
The mechanism of Horizon Bridge is probably a vulnerability that allowed attackers to exploit the network. To be specific, Harmony’s bridge is managed and secured by four multi-signature wallets and an authentication from at least two of them is required to validate and execute a transaction. It is speculated that the hack was the result of a “private key compromise”, meaning attackers obtained the passwords which are required to gain access to a crypto wallet.
The total estimate of assets loss is approximately $100M. In details, the hacker stole more than 13.100 ETH ( about $14,1M); 592 WBTC ($12,4M); 9,9M USDT; 41,2M USDC; 6M DAI; 5,5M BUSD; 5,6M FRAX; 84,6M AAG ($1,3M); 110.000 FXS ( $607.000); 415.000 SUSHI ($518.000), and many more others ERC-20 token.
Noticeably, Horizon’s hack has already been the third major bridge hack in 2022. In February, Wormhole, a communication bridge between Solana and other decentralized-finance blockchain networks, was stolen for more than $300M. In late March, Ronin Bridge, an Ethereum-linked sidechain used for blockchain game Axie Infinity was also lost $620M to hackers.
Takeaway note for users
From these recent hacks, users must raise high awareness of unwanted vulnerability that can suddenly occur to their assets in blockchain bridges.
Bridges are considered to be particularly vulnerable to hacks, as their technology is complex and they are often run by anonymous teams. The funds are normally safeguarded in an ambiguous way. Therefore, make sure to Do your own research and always stay alert to protect yourself while transferring through bridges.
———————————————————————————————
About 1Shield
1Shield provides Audit & KYC services to help build trust in the Blockchain industry. With expertise in formal verification and fast audit process, 1Shield ensures your project will get invaluable credibility.
Website | Twitter | Blog | Telegram Channel