{"id":11859,"date":"2022-06-27T07:17:47","date_gmt":"2022-06-27T07:17:47","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/harmony-offers-1m-bounty-but-is-it-big-enough\/"},"modified":"2022-06-27T07:17:48","modified_gmt":"2022-06-27T07:17:48","slug":"harmony-offers-1m-bounty-but-is-it-big-enough","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/harmony-offers-1m-bounty-but-is-it-big-enough\/","title":{"rendered":"Harmony offers $1M bounty, but is it big enough?"},"content":{"rendered":"

<\/p>\n

\n

The Harmony layer-1 blockchain project team has offered a bounty equal to just 1% of the $100 million in crypto stolen from the Horizon Bridge hack last week.\u00a0<\/p>\n

Harmony tweeted<\/a> on June 26 that the team had committed $1 million for the return of the funds that were stolen from the Horizon Bridge on June 23. It added, \u201cHarmony will advocate for no criminal charges when funds are returned.\u201d<\/p>\n

\n

We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information. <\/p>\n

Contact us at whitehat@harmony.one or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac. <\/p>\n

Harmony will advocate for no criminal charges when funds are returned.<\/p>\n

\u2014 Harmony (@harmonyprotocol) June 26, 2022<\/a><\/p><\/blockquote>\n

However, concerns have been raised that the modest bounty sum may not be enough to incentivize the attacker to return the funds.<\/p>\n

The Horizon Bridge is a token bridge between the Harmony blockchain and the Ethereum network, Binance Chain, and Bitcoin. The Bitcoin bridge was not affected in this exploit.<\/p>\n

Compared to other high-profile exploits this year, Harmony\u2019s bounty offer ranks low. The $10 million offered to the Rari Fuse attacker in May was 12.5% of the total stolen. The Beanstalk Finance team offered\u00a0$7.6 million which was 10% of the total exploited from the protocol in April. <\/p>\n

Harmony\u2019s bounty offer is so low that the crypto trader known on Twitter as Degen Spartan called it an \u201cinsulting amount.\u201d He added, \u201cimagine losing 100m and thinking you’re in a position to lowball for a 1% bounty lmwo these people are just doing performance art to mitigate legal liability.\u201d<\/p>\n

\n

1M?<\/p>\n

insulting amount, gfy https:\/\/t.co\/TgZ0gDOC43<\/p>\n

\u2014 \ucc0c G \u8dfb \u3058 Goblin of the (@DegenSpartan) June 26, 2022<\/a><\/p><\/blockquote>\n

In an incident response update on the Horizon bridge hack on June 25, Harmony founder Stephen Tse tweeted<\/a> that the hack was not the result of a smart contract code breach, instead, the team found evidence that private keys were compromised which led to the breach of the bridge. <\/p>\n

\n

1\/ An incident response update on the Horizon bridge hack <\/p>\n

Confidentiality is key to maintain integrity as part of this ongoing investigation. The omission of specific details is to protect sensitive data in the interest of our community.<\/p>\n

\u2014 stephen tse s.one stse.eth (@stse) June 26, 2022<\/a><\/p><\/blockquote>\n

Tse said that the Ethereum side of the bridge had migrated \u201cto a 4-5 multisig since the incident.\u201d The vulnerability of the multisig wallet requiring just two out of five signers was brought up by a community member in April, but the issue was not addressed by the Harmony team until now. <\/p>\n

A multisig wallet is a crypto wallet that requires multiple key holders to approve a transaction. These wallets are commonly used at crypto projects.<\/p>\n

As of the time of writing, the Horizon Bridge hacker has not moved the stolen funds into Tornado Cash, an Ether (ETH) mixer, or any other anonymizer.<\/p>\n

Related: <\/em><\/strong>How can crypto stop getting hacked?<\/em><\/strong><\/p>\n

Hope is not lost for Harmony, as its $1 million bounty is not the smallest proportional to the amount of funds lost. In 2021, the Poly Network interoperability platform was hacked for $610 million. The team\u2019s bounty offer of $500,000 was 0.08% of the total stolen. The offer was rejected, but luckily the funds were returned anyway.<\/p>\n<\/div>\n