The Harmony layer-1 blockchain project team offered a reward equal to just 1% of the $100 million in cryptocurrency stolen from the Horizon Bridge hack last week.
Harmony tweeted on June 26 that the team had committed $1 million to return the money stolen from the Horizon Bridge on Thursday. “Harmony will defend that no criminal charges are brought when the money is returned,” she added.
However, concerns have been raised that the modest bonus amount may not be enough to motivate the attacker to return the money.
Horizon Bridge is a token bridge between the Harmony blockchain and the Ethereum network, Binance Chain, and Bitcoin. The Bitcoin Bridge was not affected by this exploit.
Compared to other high-profile feats this year, Harmony’s reward offer ranks low. The $10 million given to the Rari Fuse striker in May represented 12.5% of the total loot. The Beanstalk Finance team offered $7.6 million representing 10% of the total amount tapped from the protocol in April.
Harmony’s reward offer is so low that cryptocurrency trader known on Twitter by the name of Degen Spartan described it as a “humiliating sum.” He added: “Imagine losing 100 meters and you think you are in a position to enjoy a 1% bonus, these people are just doing performance art to mitigate legal liability.”
In an incident response update on Horizon Bridge on June 25, Harmony founder Stephen Tse tweeted that the hack was not the result of a smart contract token breach. Instead, the team found evidence that private keys had been compromised, resulting in the bridge being compromised.
Tse said that the Ethereum side of the bridge has migrated “to 4-5 multisig since the incident.” The multisig wallet vulnerability that only requires two out of five signers was brought up by a community member in April, but the issue hasn’t been addressed by the Harmony team yet.
A multisig wallet is a crypto wallet that requires multiple key holders to approve a transaction. These wallets are commonly used in crypto projects.
As of the time of writing, the Horizon Bridge hacker has not transferred the stolen funds to Tornado Cash, an Ether (ETH) mixer, or any other unknown.
Related Topics: How Can Cryptocurrency Stop Hacking?
Hope is not lost on Harmony, as the reward of the million dollars is not the smallest proportion proportional to the amount of money lost. In 2021, the Poly Network interoperability platform was hacked for $610 million. The $500,000 team bounty offer was 0.08% of the total loot. The offer was declined, but luckily the money was returned anyway.