Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Harmony Horizon bridge was hacked. According to the analysis of SlowMist MistTrack, the attackers made more than 100 million US dollars, including 11 ERC20 tokens, 13,100 ETH, 5,000 BNB and 640,000 BUSD. On the 26th, Harmony founder Stephen Tse said on Twitter that Horizon was attacked not because of a smart contract vulnerability, but because of a private key leak. Although Harmony stored the private keys encrypted, the attacker decrypted some of them and signed some unauthorized transactions. At present, Harmony has migrated Horizon's verification authority on the Ethereum side to 4/5 multi-signature. It is reported that this incident is suspected to be related to the North Korean hacker group Lazarus Group. Attack method (per SlowMist): Private Key Leakage. Reported loss: $ 100,000,000.
- chain
- ethereum
- protocol
- Harmony
- bug_class
- private-key
- date_occurred
- 2022-06-24
- loss_usd
- $100,000,000
- source_id
- sm:harmony::2022-06-24