Hackers made off with about $100 million in cryptocurrency from a so-called blockchain bridge operated by Harmony, adding to theso far this year.
Harmony said it notified other exchanges and stopped its bridge, called Horizon, to prevent further transactions as the company investigates the theft. One individual account is thought to be behind the heist, the company said Thursday in a series of tweets.
The company is “working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” Harmony said of the theft from its Horizon bridge that allows for the exchange of coins from. In a later tweet, Harmony said it’s investigating working with the Federal Bureau of Investigation and cybersecurity firms to the attack.
Harmony did not respond to a request for comment immediately.
Harmony and other so-called blockchain bridges were developed to accept multiple tokens as additional cryptocurrencies are adopted and users look to make transfers readily more. Horizon offers cross-chain exchanges between the Ethereum and Binance Smart Chain.
However, bridges are seen as especially susceptible to attack and are frequently targeted by cybercriminals, with $1.3 billion stolen from bridges in the first three months of the year, according to an estimate from researcher Chainalysis.
Attacks on Ronin Network in March each resulted in multimillion-dollar losses. Cybersecurity experts say hackers often target decentralized finance, or DeFi, platforms with weak security., and
DeFi services are typically built on public blockchains, allowing users to exchange crypto back and forth without the need for an established financial institution like a bank or credit union.
In another attack, hackers in April stole $182 million from DeFi service Beanstalk Farms. PeckShield, a blockchain security company in China, said thieves used a “flash loan” to exploit security weaknesses in Beanstalk. A flash loan is an unsecured loan that bypasses the need for collateral from the borrower by using smart contracts requiring repayment by the end of a transaction — usually within seconds or minutes.