Blockchain hacks have been frighteningly frequent in the news cycle. The nascent industry, known for its millionaire-maker gains and punishing losses, is already a volatile market. Adding to this volatility are the many issues that stem from a lack of regulation. Chief among these issues are scams and hacks — bad actors stealing assets out from under holders’ noses. Harmony (ONE-USD) is the most recent in a long line of networks to suffer from hacks just this year; a heist worth $100 million has investors shaken once again.
Harmony is a layer-2 decentralized application (dApp) network for Ethereum (ETH-USD). As with Polygon (MATIC-USD), users can use Harmony to transact faster and more cheaply. The network hosts Ethereum dApps, and users who run these dApps on Harmony rather than Ethereum don’t have to wait in the lengthy queues to settle transactions on Ethereum or pay the hefty gas fees.
Harmony and other layer-2s allow users to move crypto around through their bridges. Cross-chain bridges are just what they sound like — infrastructure through which users can move funds from one blockchain to another.
Bridges are a very popular and necessary function for the Web 3.0 world. Indeed, users don’t want to be relegated to a single blockchain network. Rather, they want access to the whole web. But unfortunately, this piece of blockchain tech is oft taken advantage of. Bridges are a common weak point of networks — an in through which hackers can access users’ funds. A slew of hacks this year have targeted bridges. Most notable was the Ronin Chain (RON-USD) hack, where a thief used the network’s bridge to siphon over $600 million in assets.
Harmony Crypto’s Bridge Becomes Newest Hack Victim
One of the Harmony network’s bridges, called the Horizon Bridge, is the newest victim. It seems as though a bad actor has exploited a weakness in the network to steal over $100 million. Early this morning, Harmony developers made users aware of the security breach.
In a post-mortem report supplied to InvestorPlace, blockchain security company CertiK details the scope of the attack. The company says that “the attacker accessed the owners of Horizon’s MultiSig wallets, after which they had the power to control the funds that were held on the protocol.”
This is similar to what happened with Ronin Network; hackers targeted the keys of developers who control the bridge, rather than the bridge itself. Using the keys, the hacker does not need to use any force on the bridge itself to access the assets. CertiK calls the hack an example of “poor privileged access management.” It adds that projects need to “foster greater decentralization across their team structure” in order to avoid these attacks in the future. Indeed, it took only two stolen keys for the hacker to access the funds.
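The custody weakness described above can be checked before an incident. The following is an added example, not code from CertiK or Harmony: it computes the fewest custody locations whose compromise would yield enough signer keys to meet a multisig threshold. All signer names, locations and thresholds are constructed for illustration.

```python
from itertools import combinations

def min_compromises(key_locations, threshold):
    """Fewest custody locations whose compromise exposes >= threshold signer keys.

    key_locations maps a signer key id to the set of places a copy of it lives
    (host, laptop, HSM, backup). Returns (count, locations).
    """
    if not 1 <= threshold <= len(key_locations):
        raise ValueError("threshold must be between 1 and the number of signer keys")
    # Invert the mapping: location -> signer keys exposed if it is compromised.
    exposed = {}
    for key, locations in key_locations.items():
        if not locations:
            raise ValueError(f"{key} has no recorded custody location")
        for loc in locations:
            exposed.setdefault(loc, set()).add(key)
    names = sorted(exposed)
    # Exhaustive search, smallest sets first; fine for the handful of
    # locations a multisig signer set has.
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            keys = set().union(*(exposed[loc] for loc in combo))
            if len(keys) >= threshold:
                return size, combo
    raise AssertionError("unreachable: all locations together expose every key")

# Constructed sample inventories (not any real deployment).
CONSTRUCTED_SHARED_HOST = {
    "signer-1": {"server-a"},
    "signer-2": {"server-a"},   # two signer keys on one host
    "signer-3": {"server-b"},
    "signer-4": {"laptop-c"},
    "signer-5": {"hsm-d"},
}
CONSTRUCTED_SEPARATED = {f"signer-{i}": {f"hsm-{i}"} for i in range(1, 6)}
# Same separated keys, but every key also copied to one shared backup.
CONSTRUCTED_SHARED_BACKUP = {
    k: v | {"backup-store"} for k, v in CONSTRUCTED_SEPARATED.items()
}

if __name__ == "__main__":
    for label, inventory, m in [
        ("shared host, threshold 2", CONSTRUCTED_SHARED_HOST, 2),
        ("separated, threshold 4", CONSTRUCTED_SEPARATED, 4),
        ("shared backup, threshold 4", CONSTRUCTED_SHARED_BACKUP, 4),
    ]:
        count, where = min_compromises(inventory, m)
        print(f"{label}: {count} location(s) suffice: {', '.join(where)}")
```

The shared-backup case shows that raising the threshold does not help when copies of every key sit in one place: the effective threshold is the number of independent locations, not the number of signatures.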
According to the report, the hacker has moved some of the $100 million, but at least $97 million is still located on a single wallet.
The hack isn’t just robbing Harmony of assets locked on-chain — it’s also hurting ONE crypto prices. The coin is losing over 6% in the wake of the news.
On the date of publication, Brenden Rearick did not have (either directly or indirectly) any positions in the securities mentioned in this article. The opinions expressed in this article are those of the writer, subject to the InvestorPlace.com Publishing Guidelines.