Harmony Protocol Offers $1M Bounty Following Massive Exploit

Key Insights:

• Harmonys Horizon bridge was exploited for $100M on Friday.

• The teams 1% bounty may not be enough incentive for the attackers.

• The funds remain in the hacker‘s wallet and have yet to be moved or ’cleaned.

Late last week, the high-throughput layer-1 blockchain platform Harmony became the latest victim of a bridge exploit. Around $100 million in various crypto assets were stolen from the protocol due to a vulnerability in a multi-signature wallet connected to the Horizon bridge. The bridge allows assets to be transferred to and from Harmony and other networks such as Ethereum and Bitcoin (BTC).

On June 26, the Harmony team offered a million-dollar bounty for the return of the funds. It also promised to advocate for no legal charges.

Is It Enough？

The theft makes Harmony the fourteenth-largest industry exploit, according to Defiyields Rekt database (which has yet to be updated). However, the 1% bounty is one of the smallest offered so far, so they may have to up the incentive a little to have any hope of funds being returned.

At the time of writing, the funds were still in the hackers address which held 85,867 ETH worth approximately $104.6 million. If the assets start moving to anonymizing services such as Tornado Cash, Harmony can kiss goodbye any hopes of retrieval.

There was plenty of reaction from the crypto community, with many suggesting that the amount offered was too low. Others pointed out that providing bounties doesnt solve the problem and, if anything, may even encourage hackers.

“Isn‘t it funny to actually reward the hackers with $1M dollars for returning the fund when they can get away with $100M？” one commented before adding, “even if they accept the offer, the same hackers will and again comprise another system？ Problem isn’t solved.”

The exploit, which resulted from a private key breach, not a smart contract bug, is the latest cross-chain bridge attack this year. On June 26, Harmony stated:

“The team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge. Funds were stolen from the Ethereum side of the bridge.”

The attacker was able to access and decrypt a number of these keys and use them to sign unauthorized transactions, it added.

Hackers have been increasingly targeting these conduits between different networks. In February, hackers stole $320 million from the Wormhole bridge; then, the following month came the industry‘s largest attack. More than $600 million was stolen in an attack on Axie Infinitie’s Ronin bridge in March.