Harmony blockchain loses nearly $100M due to hacked private keys
Credit to Author: Paul Ducklin | Date: Mon, 27 Jun 2022 18:14:53 +0000
Another day, another De-Fi (decentralised finance) attack.
This time, online smart contract company Harmony, which pitches itself as an “open and fast blockchain”, has been robbed of more than $80,000,000’s worth of Ether cryptocoins.
Surprisingly (or unsurprisingly, depending on your point of view), if you visit Harmony’s website, you’ll probably end up totally unaware of the massive loss that the business just suffered.
Even the business’s official blog, linked to from the website, doesn’t mention it.
The most recent blog article dates to the very start of 2022, and is entitled Lost Funds Investigation Report.
Unfortunately, those lost funds aren’t these lost funds.
Those lost funds, apparently, went missing at the start of the year, when five individuals were ripped off to the tune of just over 19 million of Harmony’s ONE tokens, then worth about 25 US cents each.
Harmony made an offer, back on 04 January 2022, stating that:
We wish to provide the suspect an opportunity to communicate with the Harmony Foundation and return all funds. Harmony will not pursue further legal action or dox your identity so long as we receive your full cooperation. The team will offer you a bounty to reveal how this theft was performed so long as it can be validated.
We’re not sure whether it’s legal for a company to offer to rewrite history to pretend that an unauthorised and probably illegal hack was actually legitimate research, though it did seem to work in the infamous $600 million hack of Poly Network.
The perpetrator of the crack in that case made a flurry of curious pseudo-political blockchain announcements ALL IN CAPS, written in artificially poor English, to claim that money wasn’t the motivator behind the crime.
Ultimately, after currying favour with the cracker by adopting the nickname Mr White Hat, Poly Network (to many people’s astonishment, including our own) got most of their funds back.
We’re also not sure just how much insulation from prosecution any offer from the victim not to “press charges” is likely to provide, given that in many countries, it’s the state that usually takes the decision to investigate, charge and prosecute suspects for criminal offences.
Some countries, such as England, do give private individuals (including professional bodies or charities) the right to conduct a private prosecution if the state doesn’t want to do it, but they don’t give crime victims a “corollary right” to prevent the state from prosecuting a case if it does want to do so.
Nevertheless, Poly Network’s unexpected success in recovering more than half-a-billion dollars has encouraged other cryptocurrency businesses to try this “wipe the slate clean” approach, presumably on the grounds that there’s often not much else they can do…
…but it doesn’t seem to work terribly often.
It certainly didn’t seem to work for Harmony in January 2022, though if the perpetrator hasn’t yet been able to cash out their ill-gotten gains, they might regret not taking up the offer.
By 15 January 2022, when Harmony’s fake “bug bounty offer” expired, ONE tokens peaked at $0.35, but have since sunk to below 2.5 cents each, according to CoinGecko.
Once more unto the not-a-breach
That hasn’t stopped Harmony trying the bug-bounty-based historical revisionist approach once again, contacting the June 2022 hacker via the Ether blockchain to say:
The Harmony team is interested in communicating and negotiating. Please reach out at security@harmony.one to start a conversation. Communication can be anonymous.
ID: 0xc8f0dbe83ef36ab59c1fd57099d5ed98c65ff71d0cc69d0084ca570ee26141bb
Since then, numerous other chancers, jokers and cryptocommentators have stepped up to the blockchain as well to say…
Technology is the primary productive force, amazing, great god, I hope you can give me some tokens, I wish you good luck and get away perfectly
ID: x337edbfeb3c6aba36b02e90015be51f0057995eebbe6d8d1f26205ed8449d19c

1 for bless you 6 for stress you
ID: 0x08b7f4914dab2170cdc2ed2cc9760c8478bb3652670cb2fe16f5302c3ad98701

Hello, I think your skills are very good and I admire you very much. I heard that you are being investigated. I wish you good luck. Also, can you send me a little eth if you can? I am a poor man with a family to support and my children are still young, thank you so much, God bless you
ID: 0x505e8914fd0e926e53ef85ba78b7a4e73db564f36fa62a3585383f7cd33be2c8

大哥,给我发1个eth,我感谢你呀,大佬呀,你试大佬啊,你真的是大佬 (Bro, send me 1 ETH. I thank you, bro. You really are my bro!)
ID: 0x14ced8b1ec700ce93413e3e537c75beffd7846a68bbda53cabb5cf641296a02e

I love you, will you have e-sex with me?
ID: 0x77dfa12c1d21d7385764d48a72c075c12a1ccd843457e4e364e2a7249fbe9cff
In case you’re wondering, the hacker or hackers seem to have made off with at least the following funds, with the US$ values below computed at a rate of ETH1 = US$1100 (the rate at the time of writing [2022-06-27T17:50Z] is actually closer to $1200 than $1100):

ETH total IN     Approx value      Transaction ID
--------------   --------------    ------------------------------------------------------------------
ETH  4,570.000   $ 5,027,000.00    0xb4d60d5161b8508098d9c21834377eaded6b8668d205dfe4bfa7b6dd30f7a192
ETH  3,899.000   $ 4,288,900.00    0x9cdf447483508d632c5531c5dac8ed31486c0f054c0004bc80a9e07521b3d506
ETH  7,077.000   $ 7,784,700.00    0xb1d78f2eeea53f1624eea3020409d47c55c868ecf3e0f896e672d04f23fac007
ETH  9,850.000   $10,835,000.00    0x9eced2a4fbc3d95a8ea1a10dd4215b6bf7cbc633d06405e9f052a35f11c59f69
ETH  4,439.000   $ 4,882,900.00    0x4cceded4cce367631ab6cc11288bd0840d9f9a537b982e1b903205f274fc38a4
ETH  4,431.000   $ 4,874,100.00    0x9cd567022752e35be9bb429e030a28efad63bcd86ffb3c48ac661c5f966e7aab
ETH  7,990.000   $ 8,789,000.00    0xdd37bafa2b0941df21e5c5f97558462b394a6013f756954700060ccd354f7eb2
ETH  5,380.000   $ 5,918,000.00    0xc8382891f4c60c86e5485816a3d79dc5a96b77ad1538b3eb1ee747f7cc18bc46
ETH 14,190.000   $15,609,000.00    0x8447ae8f9367d2f9217355065f620c4e099bfe0ecb4db0e94eb2b32246c859c7
ETH  4,965.000   $ 5,461,500.00    0x6650ff5c97a026258a25f9e8b15f77f68f34f6f9d5fd39b28bcce316f3b8ef87
ETH  4,919.000   $ 5,410,900.00    0x02a9727da800d2bb2000f346b28e925d3fffcd88f4ec2e5c0df6753dc8873139
ETH     43.394   $    47,733.49    0x3eb9dd782d1c80b292c068ad657f444cba842e6757d1f3b4190c79d7651164b2
ETH    911.000   $ 1,002,100.00    0x134baf1e5da1ad9f2c99cad48149ac629fdf51cb44a14370756dc02c06510b99
ETH     75.000   $    82,500.00    0x62a0a9f6a3ce55f7af494a0e8735a2ba00c5f30cc7b662b899db91099a3dfe60
ETH     30.000   $    33,000.00    0x31b5e79ea63ffe4cc00521ec5d2224953ee0ce0cc7cf2284063c02dd494d1e15
--------------   --------------
ETH 72,769.394   $80,046,333.49
Earlier today, despite Harmony offering a $1,000,000 “bounty” and saying it will “advocate for no criminal charges”…
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.
Contact us at whitehat@harmony.one or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
— Harmony 💙 (@harmonyprotocol) June 26, 2022
…the hacker seems to have paid out a substantial chunk of the above ETH72,769 to an account that doesn’t seem to be connected with Harmony, or at least isn’t being claimed by Harmony:
ETH total OUT    Approx value      Transaction ID
--------------   --------------    ------------------------------------------------------------------
ETH 18,036.300   $19,839,930.00    0x2f259dec682ccd6517c09b771d6edb439f1925e87b562a72649a708fdd0511e1
At least one apparently panicked customer has reached out more desperately and eloquently than some of the other commenters to say:
BISH! DIDN'T YO MAMA TEACH YOU NO MANNERS? WHAT THIS SENDING 7m ONLY. JUST SEND US SOMETHING LET US KNOW YOU TAKING THE RIGHTEOUS PATH. OHH I SEE SO NOW YOU HAVE 97m IN ETHER AND JUST TAKING OFF A LITTLE OF THAT CREAM. OKAY BISH LOOKING GOOD YOU RETURN THAT 97M AND HARMONY CREW GOTS TO RESPECT THAT, 3 A MAGIC NUMBER AND ALL THAT SHI. I AIN'T SLEPT FOR DAYS, GIVE US A SIGNAL BISH, ANYTHING!!!!
ID: 0x3db5cd2270c27808d282a3efccd33342da69312ba07561e2a11a6f1716b0b259
What happened?
Harmony’s write-up so far suggests that the attacker or attackers pulled off this heist even though the fraudulent transactions required multiple signatories, with each signer’s private key split between two storage locations, one local and one on a keyserver.
Unfortunately, the “multisig” process in this case required only two of five trusted parties to co-sign, and the attackers were able to compromise two of the five private keys.
Apparently, Harmony has now decided to require four of the five trusted parties to co-sign, though you could argue that with two of the five having already demonstrated their unreliability, that’s equivalent to restoring the status quo of requiring “two trusted parties”: an attacker who already holds those two keys still needs just two more.
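To make that threshold arithmetic concrete, here is an added toy example in Go; it is not Harmony’s code, and Harmony’s write-up does not show how its signing actually works. Each signer’s key seed is split into two XOR shares (an assumed 2-of-2 split standing in for the “one local, one on a keyserver” arrangement described above; the real mechanism is not known), a transaction is authorised only when the configured threshold of distinct signers has validly signed it, and a small helper counts how many uncompromised keys an attacker who already holds two of the five still needs. Ed25519 from Go’s standard library stands in for the ECDSA keys an Ethereum bridge would really use, and the transaction bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SplitSeed masks a private-key seed with random bytes (a 2-of-2 XOR split,
// assumed here as a stand-in for "one share local, one on a keyserver").
// Either share alone reveals nothing about the seed; JoinSeed needs both.
func SplitSeed(seed []byte) (local, remote []byte, err error) {
	local = make([]byte, len(seed))
	if _, err = rand.Read(local); err != nil {
		return nil, nil, err
	}
	remote = make([]byte, len(seed))
	for i := range seed {
		remote[i] = seed[i] ^ local[i]
	}
	return local, remote, nil
}

func JoinSeed(local, remote []byte) []byte {
	seed := make([]byte, len(local))
	for i := range local {
		seed[i] = local[i] ^ remote[i]
	}
	return seed
}

// Multisig is a t-of-n signer set: Threshold distinct signers must approve.
type Multisig struct {
	Threshold int
	Signers   []ed25519.PublicKey
}

// Signature is signer Signer's approval: an ed25519 signature over sha256(tx).
type Signature struct {
	Signer int
	Sig    []byte
}

// NewSigners generates n keypairs (the "n trusted parties").
func NewSigners(n int) ([]ed25519.PrivateKey, []ed25519.PublicKey) {
	privs := make([]ed25519.PrivateKey, n)
	pubs := make([]ed25519.PublicKey, n)
	for i := range privs {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		privs[i], pubs[i] = priv, pub
	}
	return privs, pubs
}

func SignTx(priv ed25519.PrivateKey, i int, tx []byte) Signature {
	digest := sha256.Sum256(tx)
	return Signature{Signer: i, Sig: ed25519.Sign(priv, digest[:])}
}

// Authorize reports whether sigs hold at least Threshold valid signatures from
// distinct authorised signers. Unknown indices, bad signatures and repeats of
// the same signer are ignored, so one stolen key cannot be counted twice.
func (m Multisig) Authorize(tx []byte, sigs []Signature) bool {
	digest := sha256.Sum256(tx)
	seen, valid := make(map[int]bool), 0
	for _, s := range sigs {
		if s.Signer < 0 || s.Signer >= len(m.Signers) || seen[s.Signer] {
			continue
		}
		if ed25519.Verify(m.Signers[s.Signer], digest[:], s.Sig) {
			seen[s.Signer] = true
			valid++
		}
	}
	return valid >= m.Threshold
}

// HonestSignersStillNeeded: further uncompromised keys an attacker who already
// holds `compromised` keys must obtain to meet the threshold.
func HonestSignersStillNeeded(threshold, compromised int) int {
	if compromised >= threshold {
		return 0
	}
	return threshold - compromised
}

func main() {
	privs, pubs := NewSigners(5)
	tx := []byte("withdraw 4570 ETH from bridge") // constructed sample transaction
	// Attacker has recovered both halves of key 0 and also holds key 1.
	local0, remote0, _ := SplitSeed(privs[0].Seed())
	attacker := []Signature{SignTx(ed25519.NewKeyFromSeed(JoinSeed(local0, remote0)), 0, tx), SignTx(privs[1], 1, tx)}
	fmt.Println("2-of-5 passes:", Multisig{Threshold: 2, Signers: pubs}.Authorize(tx, attacker))
	fmt.Println("4-of-5 passes:", Multisig{Threshold: 4, Signers: pubs}.Authorize(tx, attacker))
	fmt.Println("honest keys still needed under 4-of-5:", HonestSignersStillNeeded(4, 2))
}
```

Run as-is, two compromised keys satisfy the 2-of-5 quorum but not the 4-of-5 one, and under 4-of-5 the attacker is still two honest signatures short, which is the “status quo of two trusted parties” point. Note that the split only helps if the two shares really do live in places that fail independently; if the same credential unlocks both the local share and the keyserver copy, JoinSeed costs the attacker nothing extra.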
Also, what Harmony hasn’t revealed (and may not yet even know) is whether there was a common reason for the compromise of the two private keys that led to the unauthorised transfers.
After all, there’s no point in having N-factor authentication where N > 1 if there’s a common point of failure between all N factors.
For example, if you have laptops with hard disks protected by both boot-time passwords and one-time code sequences generated by a mobile phone, you effectively have 3FA, so that an attacker needs to: possess the laptop; know the password; and either be able to unlock the user’s phone or recover the seed for the code sequence.
But if you have a user who writes their password and their authenticator seed code on a sticky label and pastes it on the bottom of their laptop, then you are straight back down to 1FA: all security rests in possession of the laptop itself.
Don’t be that user!
And don’t let any of your friends or colleagues be that user, either…