Harmony is providing a $1 million bounty, for Horizon Bridge hack.
Although the Harmony team claims it will give the hacker who stole $100 million from the Horizon Bridge $1 million, it’s possible that won’t be enough to recover the money. One percent of the $100 million in cryptocurrency that was stolen in the Horizon Bridge hack last week is represented by the bounty announced by the Harmony layer-1 blockchain project team.
On June 26, Harmony tweeted that the group had pledged $1 million toward recovering the money taken from the Horizon Bridge on Thursday. “Harmony will advocate for no criminal prosecution when funds are restored,” the statement continued.
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.
Contact us at email@example.com or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
— Harmony 💙 (@harmonyprotocol) June 26, 2022
There have been worries that the tiny payoff amount might not be sufficient to encourage the attacker to return the money. The Harmony blockchain, Ethereum network, Binance Chain, and Bitcoin are all connected by the Horizon Bridge, a token bridge. This attack has no impact on the Bitcoin bridge.
Harmony’s bounty offer is not as prominent as other well-known exploits this year. The $7.6 million that the Beanstalk Finance team offered represented 10% of the total money that was taken advantage of in April. In May, the Rari Fuse attacker was given $10 million, or 12.5% of the total stolen.
insulting amount, gfy https://t.co/TgZ0gDOC43
— 찌 G 跻 じ Goblin 𝙎𝙚𝙣𝙥𝙖𝙞 of the 𝙃𝙚𝙣𝙩𝙖𝙞 (@DegenSpartan) June 26, 2022
The cryptocurrency dealer known on Twitter as Degen Spartan, dubbed Harmony’s bounty, offers an “insulting sum” because it is so low. “Imagine losing $100 million and believing you’re in a position to lowball for a 1% bounty,” he continued, “lmao these individuals are just engaging in performance art to reduce their legal risk.”
Stephen Tse, the founder of Harmony, stated in a tweet on June 25 that the Horizon bridge hack was not the consequence of a smart contract code violation. Instead, the team discovered proof that private keys had been hacked, which had caused the bridge to be breached.
Tse said that since the event, the Ethereum side of the bridge had “migrated to a 4-5 multisig.” An individual from the community raised the vulnerability of the multisig wallet in April. However, the Harmony team did not respond to the matter until today.
1/ An incident response update on the Horizon bridge hack 🧵
Confidentiality is key to maintain integrity as part of this ongoing investigation. The omission of specific details is to protect sensitive data in the interest of our community.
— stephen tse 💙 s.one 🌉 stse.eth (@stse) June 26, 2022
In a multisig wallet, multiple key holders must concur to approve a transaction. Many cryptocurrency initiatives use these wallets. The Horizon Bridge hacker has not yet transferred the stolen money into Tornado Cash, ETH mixer, or any other anonymizer as of the time of writing.
The Poly Network interoperability platform was compromised in 2021 and lost $610 million. The $500,000 bounty offered by the team represented 0.08 percent of the total stolen goods. Fortunately, the money was restored even though the offer was turned down. Harmony still has hope because their $1 million bounties is not the smallest relative to the sum of money lost.