After crypto firm Harmony’s blockchain bridge Horizon was hacked for $100 million last week, the layer-one protocol company said that it was still working with the FBI and blockchain forensics companies to unearth new clues related to the hack.
On Monday, Harmony said that the hacker was still on the run and using Tornado Cash, a popular mixer service that conceals the identity behind a crypto transaction, to transfer funds among different wallets.
While Harmony says it has the crypto address of the hacker, the company also offered the public a $1 million bounty for any intelligence on the hack on Monday and directly appealed to the white-hat hacker community to provide tips.
“Harmony will advocate for no criminal charges when funds are returned,” the company said about its quest to recover stolen funds.
“We’re are still willing to have a discussion with the hacker, but will continue the full investigation until resolution or the return of stolen funds,” the company added.
The hack led the company pausing the blockchain bridge, preventing any new activity. The blockchain bridge functions as a cross-chain bridge that enables the flow of digital assets from one blockchain to another. Horizon allows users to move digital assets from Harmony’s network to Bitcoin, Binance Chain, and Ethereum.
“Cross-chain bridges are an essential component of the current DeFi ecosystem,” Kraken’s Chief Security Officer, Nick Percoco, told The Street Crypto. “They provide an autonomous means for different chains, such as Ethereum, Solana or Cardano, to interact with one another. In practice, these act as a vital mechanism to enable transactions, such as tokens and NFTs, to seamlessly transfer between chains.”
Hackers recently drained large sums of crypto from blockchain bridges like Axie Infinity’s Ronin bridge and the Wormhole bridge.
“High-profile attacks, such as this one, continue to reinforce the importance of the broader crypto ecosystem prioritizing a security-first mindset and remaining vigilant,” Percoco added. “Criminals constantly search for new attack vectors and vulnerabilities, which means that security protocols need to be consistently invested in and updated. We anticipate the spotlight on this event will focus the minds of cyber security teams across the blockchain ecosystem and will result in more robust protocols moving forward.”
“Like every financial service, innovators and security protocols must outpace a very aggressive criminal [environment],” Anna Becker from Endotech told The Street Crypto. “Ultimately, blockchain assets should be more accountable and traceable. Of course, industry players can continue to take steps to safeguard client money, including adopting state-of-the-art security protocols and even providing solutions beyond secure client custody accounts.”