DeFi platform Harmony Protocol offers a $1M bounty to the hacker which will be given only if the hacker returns the funds and shares exploit information.
Harmony Protocol suffered a loss worth $100M to the Horizon Bridge hacks a few days back. The platform has since then paused the Horizon bridge in order to look into the issue.
Following the hack attempt, Stephen Tse, the founder of Harmony, detailed in a Twitter thread what actually went down with Horizon Bridge.
Tse revealed that there is no evidence of a smart contract code breach on the bridge, and the team found no evidence of any vulnerability on the Horizon bridge.
However, he stated that the team indeed found evidence that private keys were compromised, leading to the breach of the Horizon bridge, and the funds were only stolen from the Ethereum side of the bridge.
The hacker was able to access and decrypt several of the private keys, some of which were used to sign the unauthorized transactions.
The Harmony team has since then migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident.
“We will continue taking steps to further harden our operations and infrastructure security,” Tse added.
The hacker’s address still has around 85,867 ETH, or around $104.6 million, at the time of writing. Harmony can bid farewell to any chances of recovery if the assets move to services like Tornado Cash.
Harmony Protocol announced that the investigation is still ongoing and the team includes engineers located around the world including the US, Greece, India, and Cambodia.
Team members have handed off their findings to their US colleagues after the hack and they have resumed the investigation alongside their cyber security partners.
The crypto community responded negatively, with many saying that the amount of $1M offered is too small. Harmony’s bounty offer is definitely low in comparison to other large exploits that happened this year.
Three weeks back, Aurora paid a whitehat hacker $6 million for reporting a critical vulnerability that could have resulted in a direct loss of 70k ETH and $200 million to Aurora. Last month, Wormhole rewarded a white hacker with a $10M bounty for rectifying a bug in its core bridge contract on Ethereum on February 24.