The Harmony layer-1 blockchain project team has offered a bounty equal to just 1% of the $100 million in crypto stolen in the Horizon Bridge hack a week ago.
Harmony tweeted on June 26 that the team had committed $1 million for the return of the funds that were stolen from the Horizon Bridge on June 23. It added, “Harmony will advocate for no criminal charges when the money is returned.”
We commit to a $1M bounty for the return of Horizon bridge funds and discussing exploit information.
Call us at whitehat@harmony.one or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when the money is returned.
— Harmony (@harmonyprotocol) June 26, 2022
However, concerns have been raised that the modest bounty sum might not be enough to incentivize the attacker to return the funds.
The Horizon Bridge is a token bridge between the Harmony blockchain and the Ethereum network, Binance Chain, and Bitcoin. The Bitcoin bridge was not affected by this exploit.
Compared with other high-profile exploits this year, Harmony’s bounty offer ranks low. The $10 million offered to the Rari Fuse attacker in May was 12.5% of the total stolen. The Beanstalk Finance team offered $7.6 million, which was 10% of the total exploited from the protocol in April.
Harmony’s bounty offer is so low that the crypto trader known on Twitter as Degen Spartan called it an “insulting amount.” He added, “imagine losing 100m and thinking you can lowball for a 1% bounty lmao this type of person just doing performance art to mitigate legal liability.”
1M?
insulting amount, gfy https://t.co/TgZ0gDOC43
— 찌 G 跻 じ Goblin from the (@DegenSpartan) June 26, 2022
In an incident response update following the bridge hack on June 25, Harmony founder Stephen Tse tweeted that the hack was not the result of a smart contract code breach; rather, they found evidence that private keys were compromised, which led to the breach of the bridge.
1/ An incident response update following the bridge hack
Confidentiality is essential to keep integrity as part of this ongoing analysis. The omission of specific details is to safeguard sensitive data in the interest of our community.
— stephen tse s.one stse.eth (@stse) June 26, 2022
Tse stated that the Ethereum side of the bridge had migrated “to a 4-5 multisig since the incident.” The weakness of the multisig wallet requiring just two of five signers was brought up by a community member in April, but the issue was not addressed by the Harmony team until now.
A multisig wallet is a crypto wallet that requires multiple key holders to approve a transaction. These wallets are commonly used by crypto projects.
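The threshold change described above can be seen in a small model. This is an added example, not code from Harmony or from the original article: it uses HMAC-SHA256 as a stand-in for real wallet signatures, and the signer names, keys and transaction bytes are constructed for illustration.

```python
import hashlib
import hmac

def sign(key: bytes, tx: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for a real wallet signature scheme.
    return hmac.new(key, tx, hashlib.sha256).digest()

def approved(tx, approvals, signer_keys, threshold):
    """True when at least `threshold` distinct registered signers
    produced a valid approval for exactly this transaction."""
    valid = set()
    for signer_id, sig in approvals:
        key = signer_keys.get(signer_id)
        if key is None:
            continue  # approval from an unregistered signer is ignored
        if hmac.compare_digest(sig, sign(key, tx)):
            valid.add(signer_id)  # a set, so a repeated signer counts once
    return len(valid) >= threshold

# Constructed sample data: five signers, two of whose keys are compromised.
SIGNER_KEYS = {
    f"signer{i}": hashlib.sha256(f"constructed-key-{i}".encode()).digest()
    for i in range(1, 6)
}
COMPROMISED = ["signer1", "signer2"]
TX = b"constructed: move bridge funds to an unrecognised address"

def approvals_from(ids, tx=TX):
    # Approvals that the holders of the listed keys are able to produce.
    return [(i, sign(SIGNER_KEYS[i], tx)) for i in ids]

def outcome(threshold):
    # Does a transaction approved only by the compromised keys pass?
    return approved(TX, approvals_from(COMPROMISED), SIGNER_KEYS, threshold)

if __name__ == "__main__":
    print("2-of-5, two keys compromised:", outcome(2))
    print("4-of-5, two keys compromised:", outcome(4))
```

With a threshold of two, the compromise of any two keys is enough to authorise a transfer; with a threshold of four, the same two keys are not.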
As of the time of writing, the Horizon Bridge hacker has not moved the stolen funds into Tornado Cash, an Ether (ETH) mixer, or any other anonymizer.
Hope is not lost for Harmony, since its $1 million bounty is not the smallest in proportion to the amount of funds lost. In 2021, the Poly Network interoperability platform was hacked for $610 million. The team’s bounty offer of $500,000 was 0.08% of the total stolen. The offer was rejected, but fortunately the funds were returned anyway.