Fairyproof’s Analysis of the Attack on Harmony
On June 23, Harmony’s Ethereum bridge was attacked.
The attack was launched from three addresses on Ethereum:
0x0d043128146654C7683Fbf30ac98D7B2285DeD00
0x9E91ae672E7f7330Fc6B9bAb9C259BD94Cd08715
0x58F4BACcb411ACef70A5f6DD174Af7854fc48Fa9
Crypto assets valued at around $100 million were exploited in this incident and have been transferred to Ethereum.
The root cause was that a private key of the cross-chain bridge (Horizon) was leaked.
Here is how the attack was carried out:
On June 23 at 11:06 UTC, the attacker's first address received 13100 ETH in a cross-chain transaction from the Horizon cross-chain bridge. It then continued to receive ERC-20 tokens from the Horizon bridge in multiple further cross-chain transactions.
Here is a list of the exploited cryptos:
The attacker then transferred the received ERC-20 tokens to the second and third addresses, exchanged most of them for ETH via Uniswap V3, and transferred all of the resulting ETH back to the first address.
At the time of writing, the three addresses held 85,000 ETH and some ERC-20 tokens that had not yet been exchanged for ETH. These assets were valued at around $100 million.
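The fund flow described above can be reconstructed from transfer records with a time-ordered trace. The following is an added example, not Fairyproof's code: the address labels, token names and every amount except the 13100 ETH figure are constructed, and the DEX is treated as a shared service so the trace does not spread to unrelated users.

```python
from collections import defaultdict

# Constructed, time-ordered transfers: (sender, recipient, asset, amount).
# Labels are placeholders; only the 13100 ETH figure comes from the article.
TRANSFERS = [
    ("bridge", "addr_1", "ETH", 13100),
    ("bridge", "addr_1", "TOKEN_A", 500),
    ("bridge", "addr_1", "TOKEN_B", 200),
    ("addr_1", "addr_2", "TOKEN_A", 500),
    ("addr_1", "addr_3", "TOKEN_B", 200),
    ("addr_2", "dex", "TOKEN_A", 500),   # swap leg: tokens in
    ("dex", "addr_2", "ETH", 40),        # swap leg: ETH out
    ("addr_3", "dex", "TOKEN_B", 150),   # only part of TOKEN_B is swapped
    ("dex", "addr_3", "ETH", 30),
    ("addr_2", "addr_1", "ETH", 40),     # consolidation back to addr_1
    ("addr_3", "addr_1", "ETH", 30),
    ("user_9", "dex", "ETH", 5),         # unrelated DEX traffic
    ("dex", "user_9", "TOKEN_A", 60),
]
SERVICES = {"dex"}  # shared contracts: the trace must not pass through them


def trace_cluster(transfers, source, services=SERVICES):
    """Addresses funded directly or indirectly by `source`, in time order."""
    tainted = {source}
    for sender, recipient, _asset, _amount in transfers:
        # Follow a transfer only if the sender was already funded by the
        # source at that point, and stop at shared services such as a DEX.
        if sender in tainted and recipient not in services:
            tainted.add(recipient)
    return tainted - {source}


def holdings(transfers, cluster):
    """Net non-zero balance per cluster address and asset."""
    net = defaultdict(lambda: defaultdict(int))
    for sender, recipient, asset, amount in transfers:
        if sender in cluster:
            net[sender][asset] -= amount
        if recipient in cluster:
            net[recipient][asset] += amount
    return {addr: {a: v for a, v in bal.items() if v}
            for addr, bal in net.items() if any(bal.values())}


if __name__ == "__main__":
    cluster = trace_cluster(TRANSFERS, "bridge")
    print(sorted(cluster))
    print(holdings(TRANSFERS, cluster))
```

In the constructed data the ETH consolidates on `addr_1` while the unswapped remainder of `TOKEN_B` stays on `addr_3`, the same pattern the article reports for the three addresses.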