Harmony offers $1M bounty, but is it big enough?

Must read

The ‘Brussels Effect’ wields real influence over US crypto regulation

The right to privacy is enshrined in many legal traditions around the world. In the United States, it’s protected by the Fourth Amendment; in...

Lack of ‘qualified people’ without more Web3 education, say academics

Australian blockchain academics and educators have called for more robust Web3 education in schools, preparing students for a world that will be dominated by...

Warner Music Group partners with OpenSea to create more Web3 opportunities for artists

The company stated that select artists can launch their NFT collections and limited-edition projects on their own dedicated drop pages. 1174 ...

Market manipulation claims will be hardest ‘nut to crack’ in Bitcoin ETF approval — WisdomTree

“We’re all kind of watching this and seeing what’s going to happen,” said WisdomTree's Will Peck on spot Bitcoin exchange-traded funds in the...

The Harmony team says it will offer $1 million to the hacker who exploited the Horizon Bridge for $100 million, but that may not be enough to get the funds back.

1768 Total views

45 Total shares

Harmony offers $1M bounty, but is it big enough?

The Harmony layer-1 blockchain project team has offered a bounty equal to just 1% of the $100 million in crypto stolen from the Horizon Bridge hack last week. 

Harmony tweeted on June 26 that the team had committed $1 million for the return of the funds that were stolen from the Horizon Bridge on June 23. It added, “Harmony will advocate for no criminal charges when funds are returned.”

We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.

Contact us at whitehat@harmony.one or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.

Harmony will advocate for no criminal charges when funds are returned.

— Harmony (@harmonyprotocol) June 26, 2022

However, concerns have been raised that the modest bounty sum may not be enough to incentivize the attacker to return the funds.

The Horizon Bridge is a token bridge between the Harmony blockchain and the Ethereum network, Binance Chain, and Bitcoin. The Bitcoin bridge was not affected in this exploit.

Compared to other high-profile exploits this year, Harmony’s bounty offer ranks low. The $10 million offered to the Rari Fuse attacker in May was 12.5% of the total stolen. The Beanstalk Finance team offered $7.6 million which was 10% of the total exploited from the protocol in April.

Harmony’s bounty offer is so low that the crypto trader known on Twitter as Degen Spartan called it an “insulting amount.” He added, “imagine losing 100m and thinking you’re in a position to lowball for a 1% bounty lmwo these people are just doing performance art to mitigate legal liability.”

— 찌 G 跻 じ Goblin of the (@DegenSpartan) June 26, 2022

In an incident response update on the Horizon bridge hack on June 25, Harmony founder Stephen Tse tweeted that the hack was not the result of a smart contract code breach, instead, the team found evidence that private keys were compromised which led to the breach of the bridge.

1/ An incident response update on the Horizon bridge hack

Confidentiality is key to maintain integrity as part of this ongoing investigation. The omission of specific details is to protect sensitive data in the interest of our community.

— stephen tse s.one stse.eth (@stse) June 26, 2022

Tse said that the Ethereum side of the bridge had migrated “to a 4-5 multisig since the incident.” The vulnerability of the multisig wallet requiring just two out of five signers was brought up by a community member in April, but the issue was not addressed by the Harmony team until now.

A multisig wallet is a crypto wallet that requires multiple key holders to approve a transaction. These wallets are commonly used at crypto projects.

As of the time of writing, the Horizon Bridge hacker has not moved the stolen funds into Tornado Cash, an Ether (ETH) mixer, or any other anonymizer.

Related: How can crypto stop getting hacked?

Hope is not lost for Harmony, as its $1 million bounty is not the smallest proportional to the amount of funds lost. In 2021, the Poly Network interoperability platform was hacked for $610 million. The team’s bounty offer of $500,000 was 0.08% of the total stolen. The offer was rejected, but luckily the funds were returned anyway.

More articles

Latest article

The ‘Brussels Effect’ wields real influence over US crypto regulation

The right to privacy is enshrined in many legal traditions around the world. In the United States, it’s protected by the Fourth Amendment; in...

Lack of ‘qualified people’ without more Web3 education, say academics

Australian blockchain academics and educators have called for more robust Web3 education in schools, preparing students for a world that will be dominated by...

Warner Music Group partners with OpenSea to create more Web3 opportunities for artists

The company stated that select artists can launch their NFT collections and limited-edition projects on their own dedicated drop pages. 1174 ...

Market manipulation claims will be hardest ‘nut to crack’ in Bitcoin ETF approval — WisdomTree

“We’re all kind of watching this and seeing what’s going to happen,” said WisdomTree's Will Peck on spot Bitcoin exchange-traded funds in the...

Judge orders SEC to turn Hinman documents over to Ripple Labs after months of dispute

U.S. District Court Judge Analisa Torres overruled the SEC’s second attempt to withhold the documents relating to former Division Director William Hinman, who...