Harmony’s $100M Hack Was Due to a Compromised Multi-Sig Scheme, Says Analyst

On June 23, 2022, the Harmony development team announced that $100 million was siphoned from the Horizon bridge, and the organization explained it was working with national authorities and forensic specialists. According to an account published by Polygon’s chief information security officer, Mudit Gupta, the Horizon bridge attacker allegedly took control of the multi-signature wallet leveraged in Harmony’s bridge.

Harmony’s Multi-Sig Exploited, Polygon’s CSO Says; Harmony Protocol’s Founder Found Evidence That ‘Private Keys Were Compromised’

Three days ago, Harmony explained that it was attacked and the team witnessed $100 million siphoned from the Horizon bridge. “The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100 [million],” Harmony tweeted on Thursday. “We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the Harmony team added.

The day after the exploit, Polygon’s chief information security officer, Mudit Gupta, said that the bridge was a 2-of-5 multi-signature scheme, and anyone with two of the addresses can take control of it. “The hacker compromised 2 addresses and made them drain the money,” Gupta added. Gupta noted that the details aren’t public yet and summarized what he believes took place during the hack. “The two addresses were likely hot wallets used to listen for and process legit bridging transactions,” Gupta explained.

“The attacker compromised the server(s) that these hot wallets were running on,” the Polygon CSO wrote on Friday. “Once inside the server, they could access the keys that were kept in plaintext for signing legit transactions. The server exploit was likely either SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.” The analyst further added:

This was not a ‘Blockchain Hack.’ It was a ‘Traditional Hack.’ I’ve been begging protocols to focus on traditional security too alongside blockchain security for months now…

Furthermore, an incident report written by the Harmony Protocol’s founder says “the team has found evidence that private keys were compromised, leading to the breach of our Horizon bridge — Funds were stolen from the Ethereum side of the bridge.” The Harmony founder also noted that “confidentiality is key to maintain integrity as part of this ongoing investigation — The omission of specific details is to protect sensitive data in the interest of our community.”
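The weakness Gupta describes can be checked as a signer-set audit: count how many hosts must be breached to collect a quorum of keys, and whether readable keys alone form one. The Python below is an added example, not code from Harmony or from this article; the signer names, hosts, custody labels and the majority-threshold policy are assumptions, and the sample data is constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Signer:
    name: str     # label for the signer key
    host: str     # machine or device that holds the private key
    custody: str  # "hot-plaintext", "hot-encrypted", "hsm" or "cold"

def min_hosts_to_reach_threshold(signers, threshold):
    """Fewest hosts whose keys, taken together, satisfy the threshold."""
    keys_per_host = sorted(Counter(s.host for s in signers).values(), reverse=True)
    collected = 0
    for hosts_needed, keys in enumerate(keys_per_host, start=1):
        collected += keys
        if collected >= threshold:
            return hosts_needed
    return None  # threshold is larger than the signer set

def audit(signers, threshold):
    """Return finding codes for an M-of-N signer set (policy is assumed)."""
    findings = []
    plaintext = [s for s in signers if s.custody == "hot-plaintext"]
    if len(plaintext) >= threshold:
        findings.append("PLAINTEXT_QUORUM")    # readable keys alone can sign
    hosts = min_hosts_to_reach_threshold(signers, threshold)
    if hosts is not None and hosts < threshold:
        findings.append("SHARED_HOST_QUORUM")  # fewer breaches than signatures
    if 2 * threshold <= len(signers):
        findings.append("MINORITY_THRESHOLD")  # assumed policy: require a majority
    return findings

# Constructed data: 2-of-5 with two plaintext hot keys, as the article describes.
# Putting both on one server and the other three in cold storage is an assumption.
HARMONY_LIKE = [
    Signer("hot-1", "bridge-srv-1", "hot-plaintext"),
    Signer("hot-2", "bridge-srv-1", "hot-plaintext"),
    Signer("cold-1", "device-a", "cold"),
    Signer("cold-2", "device-b", "cold"),
    Signer("cold-3", "device-c", "cold"),
]
# Constructed comparison: 3-of-5, one key per host, none readable on disk.
HARDENED = [Signer(f"s{i}", f"hsm-{i}", "hsm") for i in range(1, 6)]

if __name__ == "__main__":
    print(audit(HARMONY_LIKE, 2), min_hosts_to_reach_threshold(HARMONY_LIKE, 2))
    print(audit(HARDENED, 3), min_hosts_to_reach_threshold(HARDENED, 3))
```

In the constructed 2-of-5 layout a single server breach yields a full quorum, so the nominal threshold of two signatures gives no more protection than one key would.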

What do you think about the Harmony exploit for $100 million? Let us know what you think about this subject in the comments section below.

Jamie Redman

Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today.

Crypto Exchange Zipmex Moves to Release Some BTC, ETH Holdings This Week

Shortly after resuming withdrawals for some altcoins, Asian crypto exchange Zipmex announced that it will be easing withdrawal amounts of Bitcoin and Ether later this week.

The statement comes after the platform had assured its users on August 4 that it is “committed to resuming all services on the Zipmex platform ASAP and to rebuild confidence and alleviate customer concerns.”

August 11, 16 earmarked for release

Zipmex, a cryptocurrency exchange with offices in Singapore and Thailand, announced a temporary halt to client withdrawals from the platform back on July 20. While the exchange blamed falling crypto asset prices and loan defaults by industry heavyweights for the decision, it said it will resume withdrawals less than 24 hours after suspending operations.

Now, despite the exchange’s battle with Babel and Celsius, it intends to release a specific amount of ETH and BTC on August 11 and 16, respectively.

Zipmex is planning to release a specific amount of ETH and BTC on 11 and 16 August respectively. We’re working hard to release the balance of Z Wallet holdings ASAP.

Thank you for your ongoing patience and support.

Zipmex Team

#Zipmex pic.twitter.com/moywJffXau

— ZIPMEX (@zipmex) August 8, 2022

Previously on August 2, 100% of users’ SOL was released, 100% of XRP was announced for release on August 4, and Zipmex said it will make 100% of ADA available on August 9, 2022. Stablecoins, on the other hand, will remain inaccessible for the time being.

Meanwhile, in Singapore, Zipmex has requested bankruptcy protection to address its financial concerns by way of a moratorium for five of its businesses. While the hearing is to take place on August 15, it is crucial to reiterate that Zipmex has raised a total of $62.9 million in investment over the course of 6 rounds. As per Crunchbase, Coinbase and B Capital Group were the most recent investors.

That said, co-founder Akalarp Yimwilai had also stated on Twitter last month that the “primary objective at this stage is to raise funds and open up Z Wallet as soon as possible.”

We reiterate that we have an audit trail and written evidence on all sequence of events. However, our primary objective at this stage is to raise funds and open up Z Wallet as soon as possible.

— Akalarp Yimwilai (@akalarp) July 29, 2022

Will the Singapore court go the Vauld way?

Just last week, the High Court of Singapore granted the troubled cryptocurrency lender Vauld a three-month moratorium period. As a result, the corporation will be effectively protected from any prospective legal action from creditors during this time. Therefore, a similar route for Zipmex will allow the platform to resolve its liquidity issues and re-enable its Z wallet.

Just to reiterate, Zipmex Asia Pte Ltd, Zipmex Pte Ltd, Thailand-based Zipmex Company Limited, PT Zipmex Exchange Indonesia, and Zipmex Australia Pty Ltd are among the businesses asking for assistance under Section 64 of Singapore’s Insolvency, Restructuring and Dissolution Act 2018. According to Singaporean legislation, these businesses must be given an automatic moratorium for 30 days or until the court issues a ruling.

What do you think about this subject? Write to us and tell us!

Dave Portnoy’s SafeMoon position is down 94%, claims he’s being sued by project

The Barstool Sports founder panic-sold Bitcoin in 2020 and has expressed fleeting interest in digital assets ever since.

Barstool Sports founder Dave Portnoy has watched his investment in SafeMoon (SAFEMOON) crash by over 94%, proving to crypto enthusiasts that he is, in fact, capable of hodling during the bear market. 

The stock trader and media personality took to Twitter on Monday to lament his $40,000 investment in the memecoin, which has fallen to just $2,370.94 after he didn’t withdraw a single token. “Still holding by the way,” Portnoy said. “Diamond hands.”

I put 40k into @safemoon I haven’t withdrawn any. It’s not worth 2.3k. And I’m being sued. https://t.co/qRAyBegQMm

— Dave Portnoy (@stoolpresidente) August 8, 2022

Portnoy claimed that he’s also being sued by SafeMoon, possibly for “trashing” the project on his show, but didn’t elaborate much further. In a separate tweet, Portnoy shared a screenshot of SafeMoon’s sales manager expressing displeasure with the Barstool Sports frontman for giving the company “a bad look and unfair representation.” Portnoy “mentioned his SafeMoon losses on air but failed to mention he hasn’t upgraded his holdings to V2 yet,” the manager said.

And let’s not forget when @safemoon themselves complained about me trashing them. pic.twitter.com/1Fg2i9lijC

— Dave Portnoy (@stoolpresidente) August 8, 2022

Portnoy is no stranger to cryptocurrencies, having bought Bitcoin (BTC) in August 2020 only to sell it one week later due to volatility. He later expressed regret over his lack of conviction and went on to make several additional bets on cryptos, which included SafeMoon.

Related: Dogecoin founder speaks out against ‘meme coins’

As far as prices go, SafeMoon is down over 99% from its all-time high of $0.00001399 in April 2021, according to CoinMarketCap. The coin has a lifetime return on investment of negative 86%. 

SafeMoon was audited in May 2021 by blockchain security firm HashEx. At the time, the firm identified 12 smart contract vulnerabilities, including a “temporary ownership renounce” that made it especially prone to a rug pull.

Circle freezes blacklisted Tornado Cash smart contract addresses

Stablecoin issuers can blacklist interactions with the Tornado Cash DApp on the Ethereum smart contract level.

Crypto data aggregator Dune Analytics said that, on Monday, Circle, the issuer of the USD Coin (USDC) stablecoin, froze over 75,000 USDC worth of funds linked to the 44 Tornado Cash addresses sanctioned by the U.S. Office of Foreign Assets Control’s Specially Designated Nationals and Blocked Persons (SDN) list. Tornado Cash is a decentralized application, or DApp, used to obfuscate the trail of previous cryptocurrency transactions on the Ethereum blockchain. 

All U.S. persons and entities are prohibited from interacting with the virtual currency mixer’s USDC and Ethereum smart contract addresses on the SDN list. Penalties for willful noncompliance can range from fines of $50,000 to $10,000,000 and 10 to 30 years imprisonment. An estimated $437 million worth of assets, consisting of stablecoins, Ethereum, and wrapped Bitcoin (WBTC), are currently held in Tornado Cash’s smart contract addresses. As a result, issuers are expected to take steps to prevent the transaction or redemption of such assets. 

Both the entities behind USDC and Tether can freeze their stablecoin transfers to and from Tornado Cash on the Ethereum smart contract level. Meanwhile, Palo Alto, California-based BitGo, would also, theoretically, need to restrict access to Tornado Cash to comply with such sanctions. One possible method is suspending the redemption of Tornado Cash-linked WBTC.

As told by pseudonymous DeFi educator BowTiedIguana, the new Tornado Cash sanctions apply across the board for U.S. individuals and entities. Simple interactions such as Gitcoin donations, working for the project, running or downloading its software, visiting its website, and depositing/withdrawing from smart contracts could be interpreted as violations. 

Circle just frozen 75,000 USDC belonging to unsuspecting Tornado users, as well as 149 USDC donated to the project. pic.twitter.com/GBS41FtZvB

— banteg (@bantg) August 8, 2022
