Harmony said in a tweet the hack of its Horizon bridge, which lets people swap coins between blockchains, took place Thursday morning. It has “begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
Horizon, which offers cross-chain transfers between Ethereum and Binance, marks the third major bridge hack this year. In February, hackers stole more than $300 million from the Wormhole bridge. In late March, Ronin Bridge lost about $620 million to hackers. Even before the Horizon hack, money stolen from bridges exceeded $1 billion, researcher Chainalysis has estimated.
Harmony’s native ONE token dropped 13% over the past 24 hours, according to CoinGecko.
“The theft seems to have happened due to a private key compromise,” said Xuxian Jiang, chief executive officer of security firm PeckShield, which has been contacted by Harmony for support.
Harmony’s bridge is managed and secured by four multi-signature wallets and an authentication from at least two of them is required to validate and execute a transaction, Jiang said. The Ronin Bridge, linked to the popular play-to-earn video game Axie Infinity, employed a similar mechanism, with five out of nine validators required to sign off.
Discover the stories of your interest
Bridges are particularly vulnerable to hacks, as their technology is complex and they are often run by anonymous teams. The way they safeguard funds is often unclear. The amount of money locked on bridges connected to the Ethereum blockchain declined 60% in the last 30 days, to less than $12 billion, per tracker Dune.
The drop was triggered by a wider crypto market slump and liquidity concerns surrounding lender Celsius Network and crypto-focused hedge fund Three Arrows Capital.