Harmony Protocol’s Horizon Bridge was hacked for about $100 million, Harmony Protocol’s Twitter account announced. Metaverse software company AAG Ventures bore the brunt: of the approximately $100 mln lost in the hack, AAG lost $84 mln.
Now, AAG has announced that they were able to freeze $78 mln of the $84 mln that they lost.
The Harmony Hack Explained
The Harmony protocol announced that they had stopped the Horizon Bridge to ensure the safety of the remaining funds. They revealed that they had started working with authorities and forensics experts to retrieve the amount.
Harmony published the exploiter’s Ethereum address and disclosed that the trustless BTC bridge was not impacted. In a separate Tweet, they called for a joint effort to build more trustless bridges which would provide higher security.
Mudit Gupta, a security researcher and CISO of Polygon, revealed that the Horizon Bridge was using a multi-signature mechanism to reach consensus. Out of the 5 signatures, if any 2 agreed on a transaction, it would go through. The exploiter apparently compromised 2 signatures and was able to drain $100M.
Mudit also said that the exploit may have nothing to do with any vulnerability in the Horizon Bridge or any other blockchain security-related issue. Instead, the compromise may have been of the servers running the two wallets responsible for verifying any transaction.
The hack is very similar to how the Ronin Bridge was hacked for $600 mln.
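The 2-of-5 rule described above, as an added example that is not from Harmony or from the original article: a threshold check over a constructed validator set, showing that two keys held by one party satisfy a 2-of-5 policy but not a higher threshold. HMAC-SHA256 stands in for the real signature scheme, and all names, keys and the transfer message are assumptions.

```python
import hashlib
import hmac

# Constructed 5-validator set. HMAC-SHA256 stands in for the bridge's real
# signature scheme (assumption); keys and names are made up for illustration.
VALIDATOR_KEYS = {
    f"validator-{i}": hashlib.sha256(f"constructed-key-{i}".encode()).digest()
    for i in range(1, 6)
}


def sign(signer_id, message):
    """Produce (signer_id, tag) using that validator's key."""
    tag = hmac.new(VALIDATOR_KEYS[signer_id], message, hashlib.sha256).digest()
    return signer_id, tag


def valid_signers(message, signatures):
    """Return the distinct known validators whose tag verifies for message."""
    valid = set()
    for signer_id, tag in signatures:
        key = VALIDATOR_KEYS.get(signer_id)
        if key is None:
            continue  # unknown signer: ignored
        expected = hmac.new(key, message, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            valid.add(signer_id)  # a set, so repeats from one key count once
    return valid


def is_approved(message, signatures, threshold):
    """m-of-n rule: approve when at least `threshold` distinct validators signed."""
    return len(valid_signers(message, signatures)) >= threshold


def approved_with_only(held_keys, message, threshold):
    """Would a transfer pass if only the validators in held_keys signed it?"""
    return is_approved(message, [sign(v, message) for v in held_keys], threshold)


if __name__ == "__main__":
    transfer = b"constructed transfer: bridge -> 0xPLACEHOLDER, amount 100"
    two_keys = ["validator-1", "validator-2"]
    for threshold in (2, 3, 4):
        print(threshold, "of 5:", approved_with_only(two_keys, transfer, threshold))
```

The threshold only helps if the keys are operationally independent: signers that share servers or administrators fail together regardless of how many signatures the policy requires.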
How AAG Recovered Its Losses
AAG had partnered with Lossless DeFi and was using their mitigation tool to protect its funds. As a result, Lossless was able to freeze about $78 mln of the $84 mln that was lost by AAG in the hack.
In a stroke of luck, Lossless had launched their protocol on Harmony only a day earlier and were able to intervene when the hack occurred.
Tools like Lossless will become more important as the number of exploits continues to rise.