An unidentified hacker group has stolen more than $100million from Californian cryptocurrency firm Harmony.
Last Thursday, the company made the announcement via Twitter. They said that they had identified a theft occurring on the Horizon bridge amounting to approximately $100m.
The first Tweet reads, “we have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
Harmony published the cryptocurrency address of the malicious actor and reassured customers that the rest of the funds held on its blockchain were safe.
“Note this does not impact the trustless BTC bridge; its funds and assets stored on decentralized vaults are safe at this time.”
The company said that it notified exchanges of the theft and stopped the Horizon bridge to prevent further transactions.
One of the posts reads, “The team is all hands on deck as investigations continue.”
“We will keep everyone up-to-date as we investigate this further and obtain more information.”
The company posted an update on Sunday, offering a $1m bounty for the return of the Horizon bridge funds and sharing exploit information.
They added, “Harmony will advocate for no criminal charges when funds are returned.”
The company’s founder Stephen Tse also posted on Twitter on Thursday, saying that confidentiality was key to maintaining integrity as part of this ongoing investigation.
“The omission of specific details is to protect sensitive data in the interest of our community. Incident response has found no evidence of smart contract code breach. No evidence of any vulnerability on the Horizon platform was found. Our consensus layer of the Harmony blockchain remains secure.”
Tse added that the team found evidence that private keys were compromised, leading to the breach of the Horizon Bridge and funds being stolen from the Ethereum side of the bridge.
“The attacker was able to access and decrypt a number of these keys, some of which were used to sign the unauthorized transactions. Stolen assets include BUSD, USDC, ETH, and WBTC.”
There have been many other cryptocurrency thefts this year so far, including a group of fraudsters making nearly $1.7m by promising cryptocurrency giveaways on YouTube, in April.