Harmony Offers $1 Million Bounty to the Hacker of Horizon Bride If They Return Stolen Funds

Last week, on Thursday, June 23, hacker exploited the Ethereum-linked Horizon bridge stealing more than $100 million in cryptocurrencies. On Sunday, June 26, Proof-of-Stake (PoS) blockchain Harmony Protocol announced that it is ready to provide $1 million bounty in exchange if the hacker returns all the stolen funds.

In one of its recent tweets, the Harmony Protocol noted: We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information. Contact us at [email protected] or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac. Harmony will advocate for no criminal charges when funds are returned”.

As per reports, the hacker had stolen $100 from the bridge in different cryptocurrencies such as Wrapped Ethereum (WETH), AAVE, SUSHI, DAI, Tether (USDT) and USD Coin (USDC). Later, the hacker swapped all of these digital assets into ETH and is holding that amount in his ETH address on the Ethereum blockchain.

Ever since the Harmony team found the address of the hacker, it is working relentlessly with "national authorities and forensic specialists” for retrieving the stolen funds. Following the hack, Harmony also halted all bridge activity. Furthermore, its native cryptocurrency ONE token has dipped considerably over theist few days.

Horizon is the cross-chain bridge for Harmony’s proof-of-stake blockchain network. The Horizon bridge allows its users to move assets between Harmony's network and Ethereum, Binance Chain, and Bitcoin. 

Harmony Protocol’s founder and CEO, Stephen Tse, shared details of the hack and what transpired. Tse said that his team has found “no evidence of smart contract code breach. No evidence of any vulnerability on the Horizon platform was found. Our consensus layer of the Harmony blockchain remains secure”.

He further adds that funds were stolen from the Ethereum side of the bridge. Tse adds: “Private keys were stored encrypted by Harmony. These keys were doubly encrypted using a passphrase and a key management service. No single machine had access to multiple plaintext keys. The system was designed to avoid persistent storage of plaintext secrets at rest”.

The hacker managed to get access and the decrypt the private keys on the Ethereum side of the bridge. Hackers have been targeting cross-chain bridges recently. Earlier this year, hackers tole $80 million from Qubit Finance's bridge. Similarly, $320 million was stolen from the Warmhole bridge as well.