An unidentified hacker group has stolen more than $100m from Californian cryptocurrency firm Harmony.
The company made the announcement last Thursday in a Twitter thread, saying they had identified a theft occurring on the Horizon bridge amounting to approximately $100m.
“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” reads the first Twitter post.
Further, Harmony published the cryptocurrency address of the malicious actor and reassured customers the rest of the funds held on its blockchain were safe.
“Note this does not impact the trustless BTC bridge; its funds and assets stored on decentralized vaults are safe at this time.”
The company also said it notified exchanges of the theft and stopped the Horizon bridge to prevent further transactions.
“The team is all hands on deck as investigations continue,” reads one of the Twitter posts.
“We will keep everyone up-to-date as we investigate this further and obtain more information,” Harmony said last Thursday.
The company later posted another update on Sunday, offering a $1m bounty for the return of the Horizon bridge funds and sharing exploit information.
“Harmony will advocate for no criminal charges when funds are returned,” the company added.
Harmony founder Stephen Tse also posted on Twitter on the same day, saying that confidentiality was key to maintaining integrity as part of this ongoing investigation.
“The omission of specific details is to protect sensitive data in the interest of our community. Incident response has found no evidence of smart contract code breach. No evidence of any vulnerability on the Horizon platform was found. Our consensus layer of the Harmony blockchain remains secure.”
However, Tse added the team found evidence that private keys were compromised, leading to the breach of the Horizon bridge and funds being stolen from the Ethereum side of the bridge.
“The attacker was able to access and decrypt a number of these keys, some of which were used to sign the unauthorized transactions. Stolen assets include BUSD, USDC, ETH, and WBTC.”
The Harmony hack is hardly the first large cryptocurrency theft we reported on in 2022. Back in February, cross-blockchain bridge Wormhole confirmed attackers stole 120,000 Ethereum tokens worth over $320m.
In April, a group of online fraudsters made nearly $1.7m by promising cryptocurrency giveaways on YouTube.
More recently, Cryptocurrency mixing service Blender.io was hit with US government sanctions for alleged connections with North Korean hackers responsible for a $620m crypto theft that occurred in March