NEW YORK (CNBC) - Hackers have stolen $100 million in cryptocurrency from Horizon, a so-called blockchain bridge, in the latest major heist in the world of decentralized finance.
Details of the attack are still slim, but Harmony, the developers behind Horizon, said they identified the theft Wednesday morning. Harmony singled out an individual account it believes to be the culprit.
“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the start-up said in a tweet late Wednesday.
In a follow-up tweet, Harmony said it’s working with the Federal Bureau of Investigation and multiple cybersecurity firms to investigate the attack.
Blockchain bridges play a big role in the DeFi — or decentralized finance — space, offering users a way of transferring their assets from one blockchain to another. In Horizon’s case, users can send tokens from the Ethereum network to Binance Smart Chain. Harmony said the attack did not affect a separate bridge for Bitcoin.
Like other facets of DeFi, which aims to rebuild traditional financial services like loans and investments on the blockchain, bridges have become a prime target for hackers due to vulnerabilities in their underlying code.
Bridges “maintain large stores of liquidity,” making them a “tempting target for hackers,” according to Jess Symington, research lead at blockchain analysis firm Elliptic.
“In order for individuals to use bridges to move their funds, assets are locked on one blockchain and unlocked, or minted, on another,” Symington said. “As a result, these services hold large volumes of cryptoassets.”
Harmony has not revealed exactly how the funds were stolen. However, one investor had raised concerns about the security of its Horizon bridge as far back as April.
The security of the Horizon Bridge hinged on a “multisig” wallet that required only two signatures to initiate transactions. Some researchers speculate the breach was the result of a “private key compromise,” where hackers obtained the password, or passwords, required to gain access to a crypto wallet.
Harmony was not immediately available for comment when contacted by CNBC.