Around $100m in cryptocurrency was stolen from the Horizon blockchain bridge recently, with a compromised private key to a crypto wallet thought to be behind the theft.
Blockchain bridges, which are used to transfer assets between different chains, have been at the center of several high-profile crypto hacks in recent years, leading major figures in the crypto world to advise against using them altogether.
Private keys are used to secure crypto wallets, and password managers are considered one of the most secure places to store such keys.
Horizon’s Bridge is Burned
“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM [$100 million],” the company revealed on Twitter at the end of last week.
“We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” they added.
Horizon said it had temporarily paused the Horizon bridge to stop further transactions and assured users that the team was “all hands on deck” for the investigation.
What Is a Blockchain Bridge?
Harmony is a “blockchain bridge” – effectively a way of transferring assets between blockchains. Harmony acts as the bridge between the Ethereum network and the Binance Smart Chain.
Vitalik Buterin, the co-founder of the Ethereum network, commented back in January that on the whole, blockchain bridges are insecure. He advised retaining all crypto assets on their native chain to avoid the risk.
Axie Infinity’s Ronin Bridge was hacked earlier this year to the tune of around $540m, with various other bridge hacks having taken place, including a $625m theft from the Poly Network bridge in August of last year and a $320m hack of the Wormhole bridge in February 2022.
To put it simply, bridges have increased the attack surface for hackers. But they’re also newer and have a much smaller development community, so the code hasn’t been scrutinized with the same intensity.
How Unsecured Crypto Wallets Lead to Theft
Although the full explanation of how the money was stolen in this case remains unclear, some researchers have suggested that it could all be down to a “private key compromise”.
The Harmony bridge is secured by four multi-signature wallets, with authentication required from two out of four for a transaction to be executed.
A lot of large-scale crypto scams arise because hackers are able to obtain the private keys needed to access crypto wallets. The existence of ‘hot wallets’ – crypto accounts that are always connected to the internet/cryptocurrency networks – creates further risks.
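The two-out-of-four approval rule described above, sketched as an added example (this is not Harmony's code): a verifier that counts distinct authorised signers. HMAC-SHA256 stands in for a real wallet signature scheme, and the signer names, keys and transaction bytes are constructed sample values.

```python
import hashlib
import hmac

# Constructed signer set: four approvers, two required (the 2-of-4 rule above).
# Assumption: HMAC-SHA256 stands in for real wallet signatures; keys are samples.
SIGNER_KEYS = {
    "signer-a": b"sample-key-a",
    "signer-b": b"sample-key-b",
    "signer-c": b"sample-key-c",
    "signer-d": b"sample-key-d",
}
THRESHOLD = 2


def approve(signer_id, key, tx):
    """Produce one signer's approval (signer id, tag) over the transaction bytes."""
    return signer_id, hmac.new(key, tx, hashlib.sha256).digest()


def valid_signers(tx, approvals, keys=SIGNER_KEYS):
    """Return the distinct authorised signers whose approval verifies for tx."""
    seen = set()
    for signer_id, tag in approvals:
        key = keys.get(signer_id)
        if key is None:
            continue  # approval from someone outside the signer set
        expected = hmac.new(key, tx, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            seen.add(signer_id)  # set membership: a repeated approval counts once
    return seen


def is_authorised(tx, approvals, threshold=THRESHOLD):
    """True when at least `threshold` distinct signers approved this exact tx."""
    return len(valid_signers(tx, approvals)) >= threshold


if __name__ == "__main__":
    tx = b"constructed sample transaction"
    a = approve("signer-a", SIGNER_KEYS["signer-a"], tx)
    b = approve("signer-b", SIGNER_KEYS["signer-b"], tx)
    print("one signer:        ", is_authorised(tx, [a]))
    print("same signer twice: ", is_authorised(tx, [a, a]))
    print("two signers:       ", is_authorised(tx, [a, b]))
```

With a threshold of two, any two valid keys satisfy the check, so the protection rests on the signer keys being stored and used independently of one another.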
Why Using a Password Manager Is Advised
Password managers like LastPass are a great way to securely store the keys to your crypto wallet – much like the passwords to other accounts you own.
Not only does this mean you don’t have to remember the key – reducing the risk that you’ll lock yourself out of your own account – but it also means the key is secured with another password. With credentials for other accounts you own, it’ll mean you’ll be able to create sufficiently long passwords without having to keep track of them all.
Password managers are particularly good tools to encourage employees to use for their business account passwords, especially if you’re working with sensitive and confidential data on a day-to-day basis.
Nowadays, one weak password can compromise a whole company network – or blockchain bridge. Both can be financially disastrous – so make sure you use software programs and apps that are designed to help.