On June 23rd, 2022, the Horizon Bridge of the Harmony layer-1 blockchain was exploited in a major heist. Over $100 million worth of altcoins were stolen within just 18 minutes through 11 transactions that originated from the bridge.
Harmony is a layer-1 blockchain protocol that uses proof-of-stake consensus to validate and secure its network. The native token is ONE and its main purpose is to enable users to exchange assets, such as tokens, stablecoins, and NFTs, between Binance Smart Chain (BSC), Ethereum (ETH), and Harmony blockchains. The bridge was shut down shortly following the attack.
According to developers’ documents, the smart contracts deployed on Ethereum, BSC, and Harmony allowed attackers to exploit the network by an intricate mechanism. A pool of validators verified when users locked liquidity on any of these networks. If an action involving a token lock on Ethereum was detected, the pool would verify it and relay this information to Harmony where a matching bridged token would be minted. On the other hand, when a bridged token burn was detected on Harmony’s side then this information would be relayed to Ethereum where an equal amount of original token is unlocked.
Frax (FRAX), Wrapped Ether (wETH), Aave (AAVE), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC) and USD Coin (USDC) are among the tokens that were stolen from the bridge in this incident. All of them were sent to different wallets and eventually swapped for ETH using Uniswap before being sent back again to their original wallet.