Harmony places $1 million bounty to return $100 million in cryptocurrency stolen during latest attack

Concord, a blockchain protocol for Web3 apps and video games like DeFi Kingdoms, has supplied a $1 million bounty for the return of $100 million stolen through the newest bridge assault. Nevertheless, some folks suppose the reward is simply too low for hackers to think about taking it.

What occurred?

• Final week, the Horizon Protocol group revealed that its Horizon bridge was compromised on June 23. In consequence, 11 transactions extracted tokens saved there valued at round $100 million.
• Horizon is a bridge that permits customers to switch belongings to and from Concord to different blockchains, together with Ethereum and Binance Good Chain.
• The corporate notified its safety companions and the FBI to help with an investigation. Concord later managed to determine the wrongdoer’s tackle.
• “Additional, the group has tried communication with the hacker with an embedded message in a transaction to the wrongdoer’s tackle,” Concord stated.

2/ 0x tackle of the wrongdoer under:https://t.co/VXO7s6FpIy

— Concord 💙 (@harmonyprotocol) June 23, 2022

• Based on blockchain evaluation firm Elliptic, the hackers stole quite a lot of crypto belongings, together with Ethereum, Tether, USD Coin, Dai, and Binance Coin (by way of TechCrunch).
• Concord stopped the Horizon bridge following the assault, suspending additional transactions.
• “Concord believes that specializing in decentralized bridges is a vital step ahead for Web3,” the corporate’s weblog publish reads. “This incident is a humbling and unlucky reminder of how our work is paramount to the way forward for this area, and the way a lot of our work stays forward of us.”
• That is one other main assault on blockchain bridges, following the notorious hack of Axie Infinity’s Ronin Network (round $625 million have been stolen).

Bounty announcement and neighborhood response

• Over the weekend, Concord announced its decision to decide to a $1 million bounty for the return of the funds and sharing exploit data.
• The corporate famous that it’s going to advocate for no authorized costs if the wrongdoer returns the belongings and offers the required information.

We decide to a $1M bounty for the return of Horizon bridge funds and sharing exploit data.

Contact us at whitehat@concord.one or ETH tackle 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.

Concord will advocate for no felony costs when funds are returned.

— Concord 💙 (@harmonyprotocol) June 26, 2022

• Based on REKT Database, the Horizon exploit is the 14th largest in cryptocurrency historical past. Nevertheless, the 1% bounty is likely one of the smallest supplied thus far (by way of Yahoo Finance).
• This announcement triggered a blended response inside the crypto neighborhood. “Isn’t it humorous to truly reward the hackers with $1M {dollars} for returning the fund once they can get away with $100M?” one consumer wrote. “Even when they settle for the provide, the identical hackers will and once more [compromise another] system? Downside isn’t solved.”
• Concord, in the meantime, discovered proof that personal keys have been compromised and led to the breach of the Horizon bridge.
• “Personal keys have been saved encrypted by Concord,” the corporate’s founder Stephen Tse said in a statement. “These keys have been doubly encrypted utilizing a passphrase and a key administration service. No single machine had entry to a number of plaintext keys. The system was designed to keep away from persistent storage of plaintext secrets and techniques at relaxation.”

7/ We’ve migrated the Ethereum aspect of the Horizon bridge to a 4-of-5 multisig because the incident. We’ll proceed taking steps to additional harden our operations and infrastructure safety.

— stephen tse 💙 s.one 🌉 stse.eth (@stse) June 26, 2022

Concord is a blockchain for decentralized apps, which divides not solely the community nodes but in addition the blockchain states into shards. It’s best often called the house for DeFi Kingdoms, one of many largest NFT video games globally.

The protocol’s native token, ONE, continues to be in decline. It’s down 9.94% within the final 24 hours, with a dwell market cap of $271 million (by way of CoinMarketCap).