1/6
🚨🚨UPDATE on the Harmony Bridge:
Our amazing team member @pioneerDefi did some digging on the @harmonyprotocol Horizon bridge hack for $100m
The bridge contract is: etherscan.io/address/0x2dCC…
Which is under a 5 person multi-sig contract: etherscan.io/address/0x2dCC…
2/6
Looking at this transfer of 592 WBTC from the bridge to the hacker wallet:
etherscan.io/address/0x0d04…
We can decode the input data and receive:0transactionIduint25621108
Looking at transaction 21108 we see it was confirmed by 2 of the multi sig wallets:
3/6
Wallets which confirmed that unlockTokens transaction:
0xf845A7ee8477AD1FB4446651E548901a2635A915
0x812d8622C6F3c45959439e7ede3C580dA06f8f25
4/6
The multi sig contract asks for 4 confirmations but has a function has a function which allows for the alteration of the requirement number
Transactionid 21126 changed the requirement to 4
…which was also approved by those same two wallets in the multi sig
5/6
The Harmony team seems to have just detected the attack a few hours ago and changed the requirement to 4 which you can see the first 8 bytes:
1942
changeRequirement(uint256)
0xba51a6df
Meaning the 5 person Harmony bridge multi sig had 2 wallets approve the transactions
6/6
TLDR: Harmony bridge uses a multi sig contract. 2 of the multi sig wallets approved transaction 21108 to drain 592 WBTC and a few hours later transaction 21126 a transaction which changed the requirement from 2 to 4 signature wallets to secure the bridge
…@harmonyprotocol
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.