The team behind the layer-1 blockchain Harmony (ONE) has offered the Horizon Bridge hacker USD 1m in bounty for the return of some USD 100m in stolen funds.
“We commit to a [USD] 1M bounty for the return of Horizon bridge funds and sharing exploit information,” Harmony said in a Twitter post on Sunday, sharing a contact email and an Ethereum (ETH) address.
The company also pledged not to advocate for criminal charges when funds are returned.
Meanwhile, the blockchain’s native token ONE keeps dipping. At 7:26 UTC on Monday, the coin is down by more than 4% in a day and 11% in a week. Furthermore, it is down by nearly 94% compared to its all-time high.
The bounty is the latest attempt by the Harmony team to recover approximately USD 100m that was stolen last week from Horizon Bridge, a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC), and Harmony blockchain networks.
Harmony first revealed the exploit in a tweet in the early hours of Friday morning, saying that they had “identified a theft occurring this morning on the Horizon bridge amounting to approx. [USD] 100MM.” The team also claimed they began reaching out to cyber security specialists, exchanges, and the FBI.
The Harmony team stated that their investigation team is made up of engineers from around the world and across five time zones, including the US, Greece, India, and Cambodia.
In an update, blockchain analysis firm Elliptic said that the funds “were stolen on both Ethereum and Binance Smart Chain,” detailing that a variety of crypto assets were taken, including Ethereum, Binance Coin, Tether, USD Coin, and Dai, all of which were swapped for ETH.
Stephen Tse, founder and CEO at Harmony, said in a Sunday tweet that they have found no evidence of a smart contract code breach or any vulnerability on the Horizon platform.
“The team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge. Funds were stolen from the Ethereum side of the bridge,” Tse said.
Harmony’s private keys were “doubly encrypted using a passphrase and a key management service,” Tse claimed, adding that the attacker managed to access and decrypt a number of these keys and use them to sign the unauthorized transactions.
The Horizon Bridge hack follows a number of other bridge hacks so far this year that have cumulatively contributed to the loss of over USD 1bn, according to Elliptic.
Among the more notable bridge hacks, the Ronin Network, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity, was exploited for more than USD 600m while decentralized finance (DeFi) platform Wormhole lost almost USD 325m to hackers in February.