Horizon Bridge Hack | Lizard Token (?) | dYdX on Cosmos | Exploits across DeFi & More!
Last Week In The Multi-Chain Ecosystem (20th to 26th June 2022)
Bridge Updates
1) Harmony’s Horizon Bridge Hacked 🤐
Horizon Bridge, Harmony’s native (official) bridge, was exploited for $100 million. The team found that private keys were compromised, leading to the breach of Horizon bridge, and funds were stolen from the Ethereum side of the bridge. The hacker swapped $100m in altcoins for ETH.
2) Synapse Integrates Klaytn 🤝🏻
Synapse has integrated Klaytn, a public blockchain focused on the metaverse, gamefi, and the creator economy. The launch will allow users to seamlessly bridge assets between Klaytn and all Synapse-supported blockchains. Synapse will support bridging for USDC/USDT/DAI/ETH/wBTC between Klaytn and other chains when Klap Finance launches.
Speculation around LI.FI’s Lizard tokens launching during Arbitrum Odyssey’s bridge week intensifies as snoopers identity a new repository called lizard-token on LI.FI’s GitHub page.
4) Biconomy’s Hyphen now Supports Optimism 🔴
Hyphen, Biconomy’s bridging protocol, has added support for Optimism — a low-cost and lightning-fast Ethereum L2 blockchain. Users can now use Hyphen to bridge to Optimism in a quick and secure manner. LPs can earn an APY for adding ETH or USDC to Optimism within the Hyphen pools tab.
5) Ronin Bridge Re-Opening on June 28th 👏🏻
The Ronin team has announced that the Ronin Bridge, which was subject to one of the biggest bridge exploits in history a few months ago, will re-open on June 28th with all user funds returned. Re-opening will require a Ronin hard-fork which means all validators must update their software.
6) On-Chain Polygon and Solana Txs on Coinbase 🥳
Coinbase has added support for on-chain Polygon and Solana transactions, making it faster, easier, and cheaper for users to send/receive ETH, MATIC, and USDC on Polygon and USDC on Solana.
Multi-Chain Ecosystem Updates
Inverse Finance, a lending protocol, was subject to an oracle price manipulation incident. The exploit resulted in a loss of $5.83 million in DOLA, with the attacker earning a total of $1.2 million.
2) USDD Depeg 😳
USDD, Tron DAO’s algo-stable has been depegged, trading around the $0.96-0.97 levels. On June 19th, it depegged around 8%, causing many to relate it to the UST/Terra situation.
Uniswap has acquired Genie, an NFT marketplace aggregator, to expand its product offering to include both ERC-20s and NFTs. Uniswap will soon enable buying/selling NFTs on its interface.
4) dYdX V4 on Cosmos 🤔
dYdX, a derivative trading protocol, announced that its V4 upgrade would be launched as a standalone Cosmos-based blockchain based on the Cosmos SDK and Tendermint PoS Consensus protocol.
5) Solana on Mobile 📱
Solana Labs has launched the Solana Mobile Stack (SMS), a toolkit that allows devs to build beautiful, seamless web3 mobile experiences. It provides a new set of libraries for wallets and apps, allowing developers to create mobile apps on Solana. A crypto-native Solana phone is expected to be shipped in Q1 2023.
6) DNX Attacks on Convex and Ribbon 🕵️
Convex and Ribbon were subject to a DNS attack where the hackers hijacked the domain of both projects and attempted to phish users to approve malicious smart contracts.
7) Tether launches GBP₮ 👏🏻
Tether has launched GBPT, Tether tokens pegged to the British Pound Sterling. GBP₮ will launch in early July on Ethereum.
What’s Popping on Twitter?
by Mark Murdock
Horizon Bridge, which links Harmony with Ethereum and Binance Chain, lost $100 million to a hack on Thursday.
Based on a tweet thread from Harmony founder Stephen Tse, the hack did not occur due to a smart contract bug or Hor platform issue. Instead, it was the private keys from the Ethereum side of the bridge that were exploited.
Here’s how:
The Harmony team has yet to come out with an explanation for how the hack occurred. That being said, on-chain analyst and security researcher Mudit Gupta theorized that Horizen funds were drained due to two compromised hot wallet addresses that were used to sign illegitimate transactions in a system that, as Mudit described, “was essentially a 2 of 5 multisig.” Notably, Mudit said that the hack was “eerily similar to how Ronin was hacked” and that “this was not a ‘blockchain hack’. It was a ‘traditional hack”.
As of Sunday night, the Harmony team has yet to uncover the identity of the hacker, though they did offer a $1 million bug bounty for the return of the Horizon funds and the sharing of how the attacker pulled off the exploit. As the hacker remains silent, Harmony has begun working with multiple cyber security partners, exchanges, and the FBI to identify the culprit.
For now, the hacker holds $105 million worth of assets in their address on Ethereum.
According to data collected from Rekt, the hack is the tenth-largest in crypto history. Notably, it is the fourth largest bridge-related loss behind Ronin ($624 million), Poly Network ($611 million), and Wormhole ($326 million). All told, with Horizon’s exploit, over $1.6 billion worth of assets have been affected by hacks stemming from bridging solutions.
Interesting Reads
1) Trail of Bits Research Report: Are Blockchains Decentralized
2) IBC: A Core Primitive for Interchain Native Products
3) What Makes a Good Chain to Build on
4) ELI5 dYdX: Why Cosmos?
5) Solana vs Ethereum
6) Explore Celo by Swapping with LI.FI
If you Liked What you Read
Follow us on Twitter for daily updates and announcements 👐🏻
Join us on Discord to hang out with other UX Maxis 🙌🏻
Join us on Telegram for your weekly dose of the multichain ecosystem! 🌌
Disclaimer: This newsletter is only meant for informational purposes. While many projects featured in the newsletter are our partners, we encourage you to do your own due diligence before using or buying tokens of any protocol mentioned above.
P.S. if you found the content to be useful, pls gib x50 claps 👏🏻
Get Started with LI.FI Today
To learn more about us,
Head to our link portal at links.li.fi
Read our SDK ‘quick start’ at docs.li.fi
Join the official Discord server
Follow our Telegram Newsletter
or try our any-2-any swaps NOW at transferto.xyz