The decentralized finance (DeFi) ecosystem suffered from another major hack, as a blockchain bridge called Horizon lost $100 million worth of crypto. There are not many details available about the attack, but developers of Horizon, Harmony stated that the breach had been discovered on Wednesday morning. According to Harmony, the culprit is an individual account.
On late Wednesday, the startup tweeted that they had begun to work with forensic specialists and national authorities in order to identify the culprit and for getting back the stolen funds. It also disclosed that it was investigating the breach by cooperating with the FBI (Federal Bureau of Investigation) and a number of cybersecurity companies.
In the world of decentralized finance (DeFi), blockchain bridges assist people who want to move their assets from one blockchain to a different one. In the case of Horizon, people are able to transfer the assets they have on the Ethereum blockchain to the Binance Smart Chain (BSC). According to Harmony, a separate bridge used for bitcoin was not targeted in the attack.
The purpose of decentralized finance (DeFi) is to transform traditional financial services, such as investments and loans, by rebuilding them on the blockchain. Many aspects of DeFi have become a target of hackers and cybercriminals and the same is applicable to bridges, as the goal of these individuals is to exploit the vulnerabilities that exist in the underlying code.
Experts said that bridges are a very attractive target for hackers because they are used for maintaining large amounts of liquidity. They hold a significant amount of crypto assets because people can only move their funds when they are locked on one blockchain and then minted on the other.
Security of Horizon bridge
While Harmony did not provide details about how the funds were compromised, there had been concerns about the Horizon bridge’s security features back in April. A ‘multisig’ wallet was used for securing the bridge that only needed two signatures for initiating transactions.
According to some researchers, the private key may have been compromised and this led to the breach in question. This means that the hackers could possibly have gotten the passwords needed for accessing crypto wallets.
Other blockchain bridges have also had to deal with similar attacks. Back in March, the Ronin Network had suffered losses of more than $600 million. It is known for its support of Axie Infinity, a crypto game. A month earlier, losses of more than $320 million were recorded in a separate hack on the popular bridge called Wormhole.
The Horizon hack only adds to the negative news that has been coming out of the decentralized finance (DeFi) ecosystem of late. Crypto lending companies Babel Finance and Celsius Network had recently announced that they were freezing their withdrawal services. This was because the platforms were facing a liquidity crunch because the value of their assets had declined sharply. Meanwhile, a crypto hedge fund Three Arrows Capital (3AC) could go bankrupt because of similar liquidity problems.