Harmony offers $1M bounty, but is it big enough?
The Concord layer-1 blockchain challenge workforce has supplied a bounty equal to only 1% of the $100 million in crypto stolen from the Horizon Bridge hack final week.
Concord tweeted on June 26 that the workforce had dedicated $1 million for the return of the funds that had been stolen from the Horizon Bridge on June 23. It added, “Concord will advocate for no prison costs when funds are returned.”
We decide to a $1M bounty for the return of Horizon bridge funds and sharing exploit info.
Contact us at whitehat@concord.one or ETH deal with 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Concord will advocate for no prison costs when funds are returned.
— Concord (@harmonyprotocol) June 26, 2022
Nevertheless, considerations have been raised that the modest bounty sum is probably not sufficient to incentivize the attacker to return the funds.
The Horizon Bridge is a token bridge between the Concord blockchain and the Ethereum community, Binance Chain, and Bitcoin. The Bitcoin bridge was not affected on this exploit.
In comparison with different high-profile exploits this 12 months, Concord’s bounty provide ranks low. The $10 million supplied to the Rari Fuse attacker in Might was 12.5% of the entire stolen. The Beanstalk Finance workforce supplied $7.6 million which was 10% of the entire exploited from the protocol in April.
Concord’s bounty provide is so low that the crypto dealer recognized on Twitter as Degen Spartan referred to as it an “insulting quantity.” He added, “think about dropping 100m and pondering you are ready to lowball for a 1% bounty lmwo these individuals are simply doing efficiency artwork to mitigate authorized legal responsibility.”
1M?
insulting quantity, gfy https://t.co/TgZ0gDOC43
— 찌 G 跻 じ Goblin of the (@DegenSpartan) June 26, 2022
In an incident response replace on the Horizon bridge hack on June 25, Concord founder Stephen Tse tweeted that the hack was not the results of a wise contract code breach, as a substitute, the workforce discovered proof that non-public keys had been compromised which led to the breach of the bridge.
1/ An incident response replace on the Horizon bridge hack
Confidentiality is vital to keep up integrity as a part of this ongoing investigation. The omission of particular particulars is to guard delicate information within the curiosity of our neighborhood.
— stephen tse s.one stse.eth (@stse) June 26, 2022
Tse stated that the Ethereum facet of the bridge had migrated “to a 4-5 multisig because the incident.” The vulnerability of the multisig pockets requiring simply two out of 5 signers was introduced up by a neighborhood member in April, however the challenge was not addressed by the Concord workforce till now.
A multisig pockets is a crypto pockets that requires a number of key holders to approve a transaction. These wallets are generally used at crypto initiatives.
As of the time of writing, the Horizon Bridge hacker has not moved the stolen funds into Twister Money, an Ether (ETH) mixer, or every other anonymizer.
Associated: How can crypto cease getting hacked?
Hope just isn’t misplaced for Concord, as its $1 million bounty just isn’t the smallest proportional to the quantity of funds misplaced. In 2021, the Poly Community interoperability platform was hacked for $610 million. The workforce’s bounty provide of $500,000 was 0.08% of the entire stolen. The provide was rejected, however fortunately the funds had been returned anyway.
