Harmony Villains

@leo Have you been in contact with LuttyYang? Were some of his keys compromised or does he know anything about the hack?

5 Likes

@Pioneer Mate - I’d say that $50/hr is quite low for the quality or effort of work that may be needed here.

It should at least be comparable to or more than the rate the governors were offered for their services. In full honesty, you should ask for more (i.e. $75-100/hr) and not less - as the quality of work & assistance improves.

Crypto sleuths deserve more respect for their time to keep the community safe, not less. Give them hell, good sir & thank you for your service.

4 Likes

great work! good job

1 Like

Harmony better have the bridge exploit thing sorted in less than 7 epochs

Great job @Pioneer! I believe we’re close in busting this/these guys out!

1 Like

Another possibility is the 1wallet hack that ppl have been mentioning for months now. Thousands of private keys have been stolen and team still didn’t officially confirm this incident.

2 Likes

@Pioneer @RoboValidator I’m Lutty, one of the developers of Harmony Horizon Bridge.

After development of the ERC721 and ERC1155 bridge, we verify it works as expected on mainnet:

  1. Leo sends one token to me (Ethereum Transaction Hash (Txhash) Details | Etherscan)
  2. I lock the token on bridge (Ethereum Transaction Hash (Txhash) Details | Etherscan)

3 Likes

Amazing work, you are very talented

2 Likes

ok someone needs to say this

DO NOT AWARD @Pioneer with this bounty!!!

give him a full time job !!! he’s a trusted community member, doing far more than he should, he’d be an incredible asset to the core team. just respect the notice period so mtop can find someone who can at least try to replace him

6 Likes

Hi there!

Can you clarify some things? I understand your statement above, but frankly it has nothing to do with what I said. Just want to clear things up and put some names on these addresses.

Please see above: Harmony Villains - #18 by Pioneer

Do you own or know the owner of wallet:
0x12f42d934bb857a0bd6c4809ab425bdce933f65e

Do you own the contract or know it: 0x478279c5A0beb8401De1b4EaCB4863a243a8e3A3

Do you own Lutty.eth?

Can you address these tx to the Contract Caller (0x812d)?
0x443bf080e34f5b09b7337013a52736b111d6833c4e4b75af7865a6bb4c2fddea
0x0e7b7c9aaedc278e305d54db7f764557e772cb5c773c558435aee9a83200288c
0xf4c592aeae8418f01392377476a297f2b36c1cb9f2013e033c50e80f4e584839

5 Likes

@LuttyYang,
Can you address this? Very odd to me as well since there were previous transactions months prior.

Great job @Pioneer

I think this is not helping.

0x812d8622C6F3c45959439e7ede3C580dA06f8f25
and
0xf845A7ee8477AD1FB4446651E548901a2635A915

are both owners of that MultiSig. So they should be related to Harmony anyways.

Question is more if the keys got compromised and it would have been good
to have openly documented that multisig in the first place.

1 Like

None of the transactions of the bridges exist on Harmony side, for example
0x7605501779951BE669CB2D799C7F0731740EE037BBC8EA735F91859BE290CEB1 for the 43 wrapped ether

Or
0x31CAEC811FC87DB2EBC8210B44A8F27C300A35490B6F160E7470B45ADAF24CB2 for the 13100 Ether

Looks to me very similar to the Ronin hack, so compromised keys…

1 Like
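
The check described in the post above (releases on the Ethereum side with no corresponding transaction on the Harmony side) can be automated as a reconciliation job. The sketch below is an added example, not part of the original thread and not Harmony's code; it assumes a burn-on-Harmony / unlock-on-Ethereum bridge model, and the `receipt_id` field, record types and all sample values are hypothetical and constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Burn:
    """Harmony-side event that should authorise a release (assumed model)."""
    receipt_id: str
    token: str
    amount: int
    recipient: str

@dataclass(frozen=True)
class Unlock:
    """Ethereum-side release of assets from the bridge contract."""
    tx_hash: str
    receipt_id: str
    token: str
    amount: int
    recipient: str

def reconcile(unlocks, burns):
    """Return (tx_hash, reason) for every unlock not backed by a matching burn."""
    by_id = {b.receipt_id: b for b in burns}
    used = set()       # burn receipts already consumed by an earlier unlock
    findings = []
    for u in unlocks:  # unlocks are expected in chain order
        b = by_id.get(u.receipt_id)
        if b is None:
            findings.append((u.tx_hash, "no burn on Harmony side"))
        elif (b.token, b.amount, b.recipient.lower()) != (
                u.token, u.amount, u.recipient.lower()):
            findings.append((u.tx_hash, "burn does not match unlock"))
        elif u.receipt_id in used:
            findings.append((u.tx_hash, "burn receipt reused"))
        else:
            used.add(u.receipt_id)
    return findings

# Constructed sample data: placeholder hashes and addresses, not real transactions.
BURNS = [
    Burn("r-001", "WETH", 5, "0xUserA"),
    Burn("r-002", "USDC", 1000, "0xUserB"),
]
UNLOCKS = [
    Unlock("0xtx01", "r-001", "WETH", 5, "0xusera"),     # backed by r-001
    Unlock("0xtx02", "r-002", "USDC", 9000, "0xUserB"),  # amount differs
    Unlock("0xtx03", "r-001", "WETH", 5, "0xUserA"),     # r-001 already spent
    Unlock("0xtx04", "r-999", "ETH", 100, "0xUserC"),    # nothing on Harmony
]

if __name__ == "__main__":
    for tx_hash, reason in reconcile(UNLOCKS, BURNS):
        print(f"ALERT {tx_hash}: {reason}")
```

Any finding means the release was authorised by signatures alone rather than by an event on the other chain, which is the pattern the post attributes to compromised keys.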

That’s almost certainly what happened. I started this investigation immediately after release and am following up to see about this last wallet. But it looks exactly like Ronin, I shared an article regarding this as well!

4 Likes

Lost 1k on usdc and now lutty could be mr rogue. Man what a day… I have a lot of respect for that guy…ffs

I really don’t think that it was him, but maybe his wallet interacted with the culprit. It appears most likely that either social engineering or a traditional hack was used in order to sign these assets out of the bridge on the ETH side.

2 Likes

If the keys to the EOAs that control the multisig were compromised, they’d be funded already would they not? There would generally be no need to fund them from an outside source, therefore no on chain evidence in this case. The evidence would be all on Harmony’s physical systems and such I would think.

Seems like Lutty here is having suspicion cast on him for very little reason. A Harmony bridge developer being linked to Harmony’s own multisig accounts (which appear to have had their keys compromised) doesn’t imply anything really.

3 Likes

As much as I agree, I have to at least argue that 100M is enough reason for me to at least look into things and share with the community. I also prefaced my post with the fact that this is all inconclusive. Also, this research was done immediately after the news came out and will be updated accordingly.

2 Likes

It would be a shame if it was true. Only time will tell…

Regardless… awesome work from you, you have my respect

1 Like

Agreed. I hope lutty can be eliminated asap from the list of suspects but you cannot ignore the connection…

1 Like