Summary of the Horizon Bridge Incident

Has the team isolated the hack, and is the protocol safe to use?

1 Like

Hi Community! I am actually sorry about this situation! My situation is that I have USDC in my wallet on the Harmony network! But when I go to exchange the USDC to ONE to get the funds out of the Harmony network, the parity is different from the real parity! On any DEX ONE is $0.22 but the real price now is 0.022! Could someone tell me why? What can I do?

2 Likes

There is a single solution to this incident and it involves the use of the treasury to peg 1:1 every asset on the bridge. This should be executed over an extended period of time and considering the corresponding liquidity of each asset, so each asset that gets functional under the bridge is backed 1:1. Doing so will slowly recover the utility of the chain; as of now it is a total mess without DeFi. Recovering the peg of each bridged asset could actually help increase ONE locked on protocols, reducing its availability and actually increasing its price to recover by buying additional unpegged assets.

Unfortunately that is the problem. The assets were stolen from the ETH side of the bridge, which made the Harmony assets lose their value “depeg”. Your 1USDC is now only worth a fraction of its value until the on-chain value can be re-established.

The protocol always was safe to use, but all eth/bsc assets are depegged so that won't change in the near future. :frowning:

One of the consequences of the exploit is AAVE locking all users' funds. If you want to know about this and are curious whether the Harmony Team is aware or not, please upvote my topic:

It is bizarre to me that 4 private keys control the entire ETH bridge. Blockchain is all about decentralization.
How come a Trojan was able to compromise sensitive information on a local computer?

Wondering if Harmony devs are using FSTP for data transfer.

1 Like

Maybe the same method that’s been used for months over a job offer and an attached PDF.

About vulnerability, one important thing is always to not make IPs public. I remember the DDoS attack back in January, and with the Medium article there was a print screen from Grafana. But instead of using an alias name for the server, the IP was visible. The same happened several times on other social media.

Also, I would not open up the BTC bridge till you fix the oracle and price feeds. There was a 15% difference, so if you bought ONE on Binance, sent it to the network, bought 1BTC, bridged out and sent it to Binance, you were able to make magic internet money or arbitrage.

A suggestion for the multi-sig: I saw there is an option to have up to 50 signers. Why not use some of the permanent and long-term active validators to decentralise the keys and increase the required signers?

If you read the reimbursement proposal, it lists AAVE as one of the affected dapps.

1 Like

There are not enough funds to do this. They state this in the reimbursement proposal.

1 Like

Ok, thanks. I have not found this reference but probably my fault. Also I just want to highlight the fact that on AAVE all assets are locked, so in theory value is ZERO.

Any thought of deploying a bridge onto MAP Protocol?

Actually there are enough funds to peg 1:1 up to 1DAI tokens in ascending order of liquidity for less than half the amount of tokens in the treasury. This means you could repeg a good portion of the tokens and fail to do so with only four of them with the largest liquidity. But in fact this provides a good starting point to recover DeFi on the chain. This will actually provide utility to the chain and increase the value of ONE; executing the corresponding peg over a period of time of each token by the capacity of the treasury will provide hope and not only exit liquidity with zero sum value as proposed with a reimbursement. Fail to regain DeFi and no ONE will consider using Harmony for their own projects, and actually if they have something running they will only abandon the chain.

2 Likes

AAVE is one of the dapps that could benefit from a 1:1 peg of some assets on the bridge. They could actually resume some markets related to assets that gain the peg; this will force people to provide ONE to gain access to assets that have lost peg and were dumped to extract ONE.

1 Like

You should discuss this in the reimbursement proposal thread, since this thread is for the bridge hack.

This would be great. At the moment I have assets frozen in Celsius and in AAVE. Celsius is communicating with me.

1 Like

I really want the team to hear me and put their minds into what I say. I am really certain that what I am telling is possible and will benefit the chain. In the current thread on the proposals it is less likely that someone from the team will read my comment, and they will only continue with the idea of a reimbursement that is a great mistake: you give ONE tokens in the treasury to people and they will dump them to recover some value at the cost of everyone holding ONE. For me this is so clear that I really don’t see why team members with so many at their hands mention reimbursement when simple economic principles tell anyone with some degree or experience that a reimbursement is a mistake and the only solution is to peg tokens on the bridge.

1 Like

I also want to have communication with the team but it looks like they are absent.

Does anyone have the hacker addresses to be tracked? Have the funds continued moving?

Any chance of them getting it back?

1 Like

The funds stopped moving for about one month, and if they are recovered the FBI would most likely take custody and there would be court proceedings that tie up the stolen assets for a while.

1 Like