Another major crypto hack in US raises questions over Defi security

selective focus of a bitcoin on laptop computer
Photo by Karolina Grabowska on Pexels.com

Thieves stole around $100 million (€95 million) worth of cryptocurrency from Horizon, a blockchain bridge developed by US crypto start-up Harmony, the latest in a string of cyber heists on a sector long targeted by hackers, the company said on Friday.

Harmony develops blockchains for so-called decentralised finance – peer-to-peer sites that offer loans and other services without the traditional gatekeepers such as banks – and non-fungible tokens.

The California-based company said the heist hit its Horizon “bridge,” a tool for transferring crypto between different blockchains – the underlying software used by digital tokens such as bitcoin and ether.

Thefts have long plagued companies in the crypto sector, with blockchain bridges increasingly targeted. Over $1 billion (€950 million) has been stolen from bridges so far in 2022, according to London-based blockchain analytics firm Elliptic.

What is a bridge?

A bridge is a protocol that allows users to “bridge” or move assets such as cryptocurrencies, tokens and NFTs across different blockchains. It works by locking a transaction.

A bridge hack is when a vulnerability is identified and exploited within the bridge contract connecting the two different blockchains.

Crypto holders do not usually operate within just one blockchain ecosystem and so developers have created bridges to fill this void.

Banner

How did the company respond?

Harmony tweeted that it was “working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” without giving further details.

It did not immediately respond to requests for comment sent via email and social media.

Elliptic, which tracks publicly visible blockchain data, said the hackers stole a number of different cryptocurrencies from Harmony, including ether, Tether, and USD Coin, which they later swapped for ether using so-called decentralised exchanges.

In March, hackers stole around $615 million (€584 million) worth of cryptocurrency from Ronin Bridge, used to transfer crypto in and out of the game Axie Infinity. The United States linked North Korean hackers to the theft, one of the ever.