Unidentified individuals stole about $100 million worth of digital assets by successfully exploiting a vulnerability in the Horizon service, which allows the exchange of cryptocurrencies between blockchains. Harmony, the owner of the service, said it was working with authorities and industry experts to help identify those responsible and recover the stolen funds.
The Horizon incident, which offers cross-chain transfers between the Ethereum and Binance blockchains, was already the third major hack since the beginning of the year. The first was the theft of assets worth more than $300 million from the Wormhole service in early February, the second was the theft of cryptocurrencies from the Ronin platform at the end of March, when the attackers enriched themselves by $620 million. .
According to the preliminary version, the theft of funds became possible due to the compromise of the private key: the Horizon service was protected by 4 multi-signature wallets, and the transaction required confirmation from two of them. Similarly, the Ronin network was hacked, where the transfer required confirmation from 5 out of 9 validators.
Transfer services between blockchains are considered particularly vulnerable to hacking – they are based on rather complex technological solutions, and they are managed by anonymous development teams, and it is not always clear how the security of funds is ensured. In the last month alone, the amount of assets locked on such services connected to the Ethereum blockchain has decreased by more than 60% to less than $12 billion.