Threat actors stole $100M in crypto assets from Harmony

From securityaffairs.co

The incident response team announced that it has found no evidence of any breaches of the company smart contract codes or vulnerabilities on the Horizon platform. Harmony pointed out that the consensus layer of the Harmony blockchain remains secure.

“Our incident response team has discovered evidence that private keys were compromised, leading to the breach of the Horizon bridge. Funds were stolen on the Ethereum side of the bridge. The private keys were encrypted and stored by Harmony, with the keys doubly encrypted via passphrase and a key management service, and no single machine had access to multiple plaintext keys.” states the update published by the company. “The attacker was able to access and decrypt a number of these keys, including those used to sign the unauthorized transactions and take assets in the form of BUSB, USDC, ETH and WBTC. All assets were then swapped to ETH and currently remain on the hacker’s account on the Ethereum network. No steps have currently been taken by the hacker to anonymize ownership of these assets.”

Read more…