Harmony founder stephen tse updated the incident of “the cross-chain bridge Horizon between Harmony and ETH was attacked”, saying that there is no evidence of any vulnerability found on the Horizon platform, and the consensus layer of the Harmony blockchain is secure.
The team found evidence that the private key was compromised, leading to the Horizon attack. Funds were stolen from the Ethereum side of the cross-chain bridge. The attacker successfully accessed and decrypted some of these keys, some of which were used to sign unauthorized transactions. The stolen assets included BUSD, USDC, ETH, and WBTC.
Since the incident, Harmony has migrated the Ethereum side of the Horizon bridge to 4/5 multisig (4 out of 5 required).
Harmony will continue to take steps to further enhance operational and infrastructure security. As previously reported, a Polygon security researcher tweeted that hackers may complete the multi-signature process by invading the Horizon bridge hot wallet server.