Analysis of Horizon bridge attack incident
$100 million stolen from the Horizon bridge
On June 24, the Harmony team tweeted that the Horizon bridge had been attacked and the damage was estimated at $100 million.
Harmony is currently working with top blockchain tracking teams and the FBI to investigate the theft.
Horizon is an asset cross-chain bridge with Ethereum developed by Layer1 chain Harmony.
A cross-chain bridge is a technology that connects two blockchains by validating cross-chain transactions through two processes. In short, the Horizon bridge allows the free flow of assets between the two Ethereum-Harmony blockchains.
How the Horizon was stolen
About $100 million was stolen in the Horizon attack, including 11 ERC20 tokens on Ethereum and 13,100 ETH; 5,000 BNB and 640,000 BUSD on the BSC.
Private key disclosure address:
Attacked contract MultiSigWallet:
Take the loss of 13,100 ETH in the first transaction vulnerability as an example:
1. The attacker uses address 0x812…8F25 calls the contract 0x715…6DE6 for verification.
2. A cross-chain bridge is protected by a set of verifier nodes that submit cross-chain transaction confirmations through a multi-signed contract that requires only two verifiers to allow cross-chain. It is this point that the attacker takes advantage of to finally execute a successful transaction: transferring 13,100 ETH to the attacker address 0x0d0… Ed00.
According to Tokenview data, the Horizon attacker’s address https://eth.tokenview.com/cn/address/0x0d043128146654c7683fbf30ac98d7b2285ded00 transferred 18,036 ETH (about $22 million) to the new address at 15:10:11 on June 27.
At 15:11:06, this address transfers 6,012 ETH ($7.38 million) to 0x43… 47Ae, and transfer to Tornado Cash with 100 ETH for each installment. At 19:17:40, another 6,012 ETH is transferred to 0x45… 5970, still transferred to Tornado Cash with 100 ETH for each installment.
At 23:48:52, the address transfers 6009 ETH to 0x8A… C3f4 was still transferred to Tornado Cash at 100 ETH per transaction.
At 11:58:50 on June 28, the attacker’s address forwarded 18,036 ETH to the new address (0x809D… C5e4), followed by the new address to address (0x89f… Bd8b) transfer 6,012 ETH. The current Horizon attacker address balance is 49,79.67ETH.