Crypto Focus: All you need to know about Harmony Network’s $100 million hack
Harmony is a blockchain platform designed to facilitate the creation and use of decentralized applications (DApps). The network aims to innovate the way decentralized applications work by focusing on random state sharding, which allows the creation of blocks in seconds.
The blockchain focuses on processing speed and validation. The Harmony mainnet was created to revolutionize block creation. The platform aims to do so by introducing the sharding process, which will help the company reduce node validation times significantly. Due to this, the network’s Horizon Bridge is capable of facilitating token transfers between Harmony and the Ethereum network, Binance Chain and Bitcoin.
To ensure the protection of nodes and secure the validation process, Harmony introduced the Verifiable Random Function (VRF) for unbiased and unpredictable shard membership. This means that nodes and validators are assigned and re-assigned in a randomized manner.
Harmony introduces a new version of the proof-of-stake (PoS) consensus called effective proof-of-stake (EPoS). This method allows simultaneous staking from hundreds of validators. This consensus method was developed in accordance with the sharding concept utilized in the Harmony network.
Unlike proof-of-work (PoW) consensus mechanisms, EPoS is designed for faster processing times and improved scalability. While PoW requires a lot of electrical and computing power, staking consensus methods rely on an abundance of value holders, who become validators.
Harmony is also looking to boost staking incentives to attract more node operators. The Harmony Open Staking initiative encourages interaction with the network and incentivizes stakeholders with the highest amount of ONE tokens.
ONE token down over 50% in the last 30 days
Harmony, like many other layer 2 (L2) platforms, has its native token, ONE, which stresses the protocol’s objective of assisting open consensus procedures for billions of individuals throughout the world.
The ONE token, the native token of the Harmony blockchain, is down over 50% in the last 30 days and over 25% in the last seven days. The decline in the last week comes as the broader cryptocurrency market is rallying, with DeFi tokens like COMP leading the charge.
The ONE token is utilized as a stake in the Harmony consensus model. Holders can earn block rewards and be rewarded for keeping the system running smoothly. The ONE token is also used to pay for all platform activities and amenities, including voting, transaction fees, gas fees, staking and earning rewards. The ONE token had a dynamic inflation schedule up until March 2020. Later, the rate of inflation was changed to a fixed annual rate.
The decline in the token is a result of the $100 million hack that the platform suffered just five days ago. A popular product on the Harmony network, the Horizon bridge, was exploited for over $100 million in cryptocurrencies in what is one of the biggest crypto hacks in recent weeks.
What caused the $100 million hack
- The Harmony development team announced that $100 million was siphoned from the Horizon bridge and the organization explained it was working with national authorities and forensic specialists.
- Following the exploit, the very next day, Polygon’s chief information security officer, Mudit Gupta, said that the bridge was a 2 of 5 multi-signature scheme, which means that anyone with two of the addresses can take control of it.
- He explained, “The hacker compromised 2 addresses and made them drain the money.” Gupta said while the details aren’t public yet he summarized what he believes took place during the hack. “The two addresses were likely hot wallets used to listen for and process legit bridging transactions,” Gupta explained.
- He further stated, “Once inside the server, they could access the keys that were kept in plaintext for signing legit transactions. The server exploit was likely either SSH key compromise or social engineering. This is eerily similar to how Ronin was hacked.”
- He then concluded by adding, “This was not a ‘Blockchain Hack.’ It was a ‘Traditional Hack.’ I’ve been begging protocols to focus on traditional security too alongside blockchain security for months now.”
What you should know
- 11 transactions were made from the bridge for various tokens. The hackers have since begun sending tokens to a different wallet to swap for ETH on the Uniswap decentralized exchange (DEX), then sending the ETH back to the original wallet.
- Frax (FRAX), Wrapped Ether (wETH), Aave (AAVE), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC) and USD Coin (USDC) were stolen from the bridge through this exploit.
- The Harmony project team offered a bounty equal to just 1% of the $100 million in crypto stolen from the Horizon Bridge hack last week.
- Harmony tweeted on June 26 that the team had committed $1 million for the return of the funds that were stolen from the Horizon Bridge on Thursday. It added, “Harmony will advocate for no criminal charges when funds are returned.”
- However, it looks like the hacker did not go ahead with the proposed $1 million bounty as on-chain analytics forensics company PeckShield revealed that the hacker began moving funds into the data privacy platform, Tornado Cash.
- Blockchain data shows the exploiter wallet marked “Horizon Bridge Exploiter” moved over 36,000 ether (ETH), worth over $44 million, in the past 26 hours.
- Harmony is aware of the movement and is collaborating with blockchain analysis firms and the U.S. Federal Bureau of Investigation (FBI) to catch the culprit, developers said in a tweet on Tuesday morning.
- On Monday, the exploiter moved over 18,000 ether (ETH), worth over $22 million at the time of writing, to three wallets. The coins were then sent to Tornado Cash, with the three wallets holding only a few Ethereum tokens.
- In Asian hours on Tuesday, the exploiter moved another 18,000 ether to yet another wallet. From that, some 6,000 ether was then moved to a separate wallet. The funds were then again sent to privacy swap service Tornado Cash in batches of 100 ether each, blockchain data shows.
- Tornado Cash breaks the on-chain link between a source and a destination address. This allows exploiters and hackers to mask their addresses while withdrawing illicitly gained funds. The main exploiter wallet continues to hold over 49,000 ether, or over $59 million.
The rise of Token Bridge attacks
Vitalik Buterin discussed the issues with token bridges in a Reddit post in January. He explained that when bridges get exploited, it threatens the liquidity of each chain affected. He added that as the number of token bridges increases, the threat of a 51% attack on one chain could present a greater contagion risk to others. Since his prediction, Meter’s token bridge, Axie Infinity’s Ronin Bridge and the Wormhole Bridge have been exploited for a combined total of nearly $1 billion so far in 2022.
Multi-signatures are an ongoing security issue in attacks. The Ronin Bridge was secured by nine validators, only five of which were required to verify a transaction. The attacker took control of the required five validators and extracted over $600 million in assets.
Concerns have previously been expressed as to the soundness of Horizon’s multi-sig wallet on Ethereum, which only required two out of the four signees to drain the funds. Ape Dev, a founder of crypto-focused venture fund Chainstride Capital, noted on Twitter on April 2 that the low number of required signers would leave the bridge open for “another 9 figure hack.”
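As an added example (not from the original article or from Harmony), the sketch below audits a k-of-n signer set for the weakness Gupta describes and for the signer thresholds discussed above for Horizon and Ronin: keys that share one server count as a single point of compromise, so the nominal threshold overstates the protection. The `Signer` fields, the domain names and both sample configurations are constructed assumptions, not the bridge's real setup.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Signer:
    name: str    # label for the signing key
    domain: str  # failure domain: the host, device or person holding the key
    hot: bool    # True if the key sits online in software (e.g. plaintext on a server)


def domains_to_breach(signers, threshold):
    """Fewest failure domains an attacker must compromise to hold `threshold` keys.

    Each key lives in exactly one domain, so taking the domains that hold
    the most keys first gives the minimum.
    """
    if not 1 <= threshold <= len(signers):
        raise ValueError("threshold must be between 1 and the number of signers")
    held = 0
    per_domain = Counter(s.domain for s in signers).most_common()
    for count, (_domain, keys) in enumerate(per_domain, start=1):
        held += keys
        if held >= threshold:
            return count


def audit(signers, threshold):
    """Return findings for a k-of-n multisig; an empty list means no finding."""
    findings = []
    breach = domains_to_breach(signers, threshold)
    if breach < threshold:
        findings.append(f"{threshold} keys needed, but only {breach} failure domain(s) to breach")
    hot = sum(s.hot for s in signers)
    if hot >= threshold:
        findings.append(f"{hot} hot keys meet the threshold of {threshold}; no offline signer required")
    return findings


# Constructed sample: 2-of-5 with two hot keys on the same server (the scenario Gupta suggests).
HORIZON_LIKE = [Signer("key-1", "bridge-server", True), Signer("key-2", "bridge-server", True),
                Signer("key-3", "operator-a", False), Signer("key-4", "operator-b", False),
                Signer("key-5", "operator-c", False)]
# Constructed sample: 3-of-5, every key in its own domain, at most one online.
HARDENED = [Signer("key-1", "bridge-server", True), Signer("key-2", "hsm-a", False),
            Signer("key-3", "hsm-b", False), Signer("key-4", "operator-a", False),
            Signer("key-5", "operator-b", False)]

if __name__ == "__main__":
    for label, cfg, k in (("horizon-like", HORIZON_LIKE, 2), ("hardened", HARDENED, 3)):
        print(label, audit(cfg, k) or "no findings")
```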