This year we saw many vulnerabilities in the crypto space being exploited, and a recent one, the Harmony Bridge attack, was just another reminder that it is high time for everyone to tighten their security measures. Bridges keep substantial liquidity reserves, making them a prime target for hackers, and it is typically unclear how they protect funds.
Let us first look at what exactly happened, how it happened, and whether we saw this coming.
The Horizon bridge, which is a Layer-1 PoS blockchain built for native token ONE, got hacked and approximately $100 million in ETH was stolen. Harmony’s bridge is managed and secured by a two-of-four multisig wallet, where a minimum of two keys is required to authenticate a transaction.
Some of the early reports have shown that the attacker was able to gain control of the multisig wallet and confirm the transactions that transferred the stolen funds directly. The same pattern of stolen private keys was seen earlier, when Ronin Bridge lost about $620 million to hackers.
We did see something like this coming: the founder of the crypto-focused VC Chainstride, Ape Dev, predicted that a very simple attack, getting two of the owners to sign off on transfers, could lead to a hack worth up to $330 million. Harmony devs had enough time to become #LiminalSecure and avoid the damage. Let’s see how.
How could Liminal have reduced Harmony’s damage?
Harmony could have saved itself in two simple steps.
The first step is using Liminal’s cold multisig wallets, protected with hardware wallets and enterprise HSMs, to store the majority of assets.
As we mentioned earlier, bridges keep substantial liquidity. Harmony could have used Liminal’s cold multisig wallets, protected with hardware wallets and enterprise HSMs, to store the majority of assets. In simple words, the funds could have been managed differently: only the operational funds would sit in the hot wallet, and the rest would be kept in a safe cold wallet.
The second step is using Liminal’s refill wallets to minimize funds in the hot bridge wallet.
Refill wallets are a conduit between the platform’s hot wallets and other funding sources, including the cold wallets. Refill wallets share a few similarities with conventional warm wallets, including the multisig setup, but with enhanced security and automation. Members of a Liminal Smart Refill Wallet can sign transactions in advance to enable automated refills.
Whenever the funds fall below the operational threshold (for example, 10%-20% of the whole amount), the refill wallet would automatically transfer funds from the cold wallet to the hot wallet, in a pre-fixed amount and on a pre-fixed schedule.
Coming back to the day of the heist: when the attacker was transferring the funds, the hot wallet would have held only the funds needed for the daily transactional requirement. Once the hot wallet fell below the threshold amount, it would have triggered a refill of a fixed amount and, after the refill, the cool-down period would have started before the next refill.
Every refill transaction would have been notified to all the wallet members, and the cool-down period could have given them enough time to stop the refills and any further transactions from the cold wallet to the hot wallet.
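The threshold, fixed refill amount, cool-down and notification described above can be modelled to see how they cap the loss from a compromised hot wallet. This is an added example, not Liminal's code: the `RefillPolicy` and `simulate_compromise` names, the amounts and the timings are all constructed, and it assumes only the hot-wallet keys are compromised and the pre-signed refills cannot be altered.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RefillPolicy:
    threshold: int      # refill when the hot balance falls below this
    refill_amount: int  # fixed amount moved from cold to hot per refill
    cooldown_min: int   # minutes that must pass between two refills

def simulate_compromise(hot, cold, policy, halt_after_min, horizon_min=24 * 60):
    """Hot-wallet keys are compromised at t=0 and the hot wallet is emptied
    every minute. Members halt refills `halt_after_min` minutes after the
    first refill notification. Returns (lost, cold_remaining, refill_times)."""
    lost, last_refill, first_alert, refills = 0, None, None, []
    for t in range(horizon_min):
        lost, hot = lost + hot, 0  # everything in the hot wallet is exposed
        halted = first_alert is not None and t - first_alert >= halt_after_min
        cooled = last_refill is None or t - last_refill >= policy.cooldown_min
        if hot < policy.threshold and cooled and not halted and cold > 0:
            amount = min(policy.refill_amount, cold)
            cold, hot = cold - amount, amount
            last_refill = t
            first_alert = t if first_alert is None else first_alert
            refills.append(t)
    return lost, cold, refills

# Constructed figures: 100 units of reserves, 10% kept hot, 4-hour cool-down.
POLICY = RefillPolicy(threshold=5, refill_amount=10, cooldown_min=240)

if __name__ == "__main__":
    scenarios = {
        "all funds hot, no cold wallet": (100, 0, 0),
        "10% hot, refills halted after 1 h": (10, 90, 60),
        "10% hot, refills halted after 10 h": (10, 90, 600),
    }
    for name, (hot, cold, halt) in scenarios.items():
        lost, cold_left, refills = simulate_compromise(hot, cold, POLICY, halt)
        print(f"{name}: lost={lost} cold_left={cold_left} refills_at={refills}")
```

In this model the loss is the initial hot balance plus one fixed refill per cool-down window until the members halt refills, so the response time to the first refill notification decides how much of the cold reserve is exposed.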
If Harmony had used Liminal, the picture could have been a little different. We at Liminal understand the value of your assets, and hence we are built with an ethos of security to make sure that such mishaps do not occur.
Original Content Published On Medium