Harmony Villains

Today the Harmony Horizon Bridge was hacked for 100M. It is still early on and things are yet to be discovered, but it appears to be either:

  1. Social engineering to get private keys of 2/4 MS wallet signers for the safe: 0x715CdDa5e9Ad30A0cEd14940F9997EE611496De6

  2. An inside job (please no).

  3. A combination of 1 legitimate signer and social engineering to gain the private key of one of the other MS signers.

I hope that the Harmony team has a team or the resources necessary to track down the identity of the hacker and to restore the reputation of our chain. I did some digging and gathered the following:

  1. Wallet 0x812d8622C6F3c45959439e7ede3C580dA06f8f25 (Contract Caller) called the MS numerous times in order to enact the hack.
  2. The funds were sent to 0x0d043128146654C7683Fbf30ac98D7B2285DeD00, titled "Harmony Bridge Exploiter", which then distributed the stolen assets to two other periphery wallets that were used to swap the funds into ETH, which was then sent back to the Bridge Exploiter Wallet, where they now remain.

Oddly, the Contract Caller wallet (0x812d) was funded multiple times (most recently on June 14th) by wallet 0x12f42d934bb857a0bd6c4809ab425bdce933f65e (see tx hash 0x443bf080e34f5b09b7337013a52736b111d6833c4e4b75af7865a6bb4c2fddea). This could be for any number of reasons, but it stands out when sniffing the wallet behavior.

Digging further, I found that wallet 0x12f4 created a contract (tx hash 0x0c9cdf6d9d4ada9126aae381cb901b36de290ef5c21d56077632fd46193234ad) 0x478279c5A0beb8401De1b4EaCB4863a243a8e3A3 that interacted with ‘Lutty.eth’. I found that odd, but went out on a limb here. Even more odd was when I found the name of a Harmony contributor whose scope of work involves the bridge. Lutty is probably a great dude.

Update: This most likely appears to have been social engineering or a traditional hack, in which the perpetrators used the MS keys to gain access to the funds from the ETH side.
