A Bounty with a Twist

In the wake of the recent Horizon Bridge hack, the Harmony blockchain project has decided to toss out a $1 million bounty. This generous offer, representing a mere 1% of the $100 million that was whisked away, raises more than a few eyebrows. It was announced on June 26, through Twitter, that the team is not only looking to recover stolen funds but also offers immunity from criminal charges for returning said funds. Talk about a friendly negotiation!

All Hail the Lowball Offer

As cheering awaited responses, not everyone viewed the bounty with sunshine and rainbows. In fact, some crypto enthusiasts have deemed it rather offensive. Degen Spartan, a renowned crypto trader on Twitter, didn’t hold back, calling the offer an “insulting amount.” Isn’t it odd that losing a hefty $100 million ends up with just a 1% incentive to bring it back? Maybe next time, they’ll reconsider their bargaining game.

Who’s Paying Attention?

Perhaps the most fascinating aspect of this saga is the comparison to other bounty offers we’ve seen in the crypto realm this year. To illustrate: In May, the Rari Fuse attacker was offered a handsome $10 million, amounting to 12.5% of the stolen loot. Oh, and the Beanstalk Finance team was a tad more generous too, offering $7.6 million (10% of their losses). Clearly, the age-old adage rings true: you get what you pay for!

Understanding the Hack

To add fuel to the fire, Harmony’s founder, Stephen Tse, clarified that this glaring breach was not due to a smart contract code issue. Surprise! Instead, it seems that private keys were compromised—definitely not a great day at the office for the Harmony team. You know you’re in hot water when even the hackers think they’re doing you a favor by leaving the funds untouched in anonymity.

Multisig and Multi-Variables

With great power comes great responsibility, or so they say. Harmony had transitioned the Ethereum side of its bridge to a 4-5 multisig configuration after the hack. Multisig wallets are designed to prevent one rogue individual from taking off with the keys—just one out of the five signers needs to act. Unfortunately, the potential vulnerability was pointed out by someone from the community back in April, but it didn’t get fixed until the damage had been done. Yikes!

The Bright Side?

If there’s a silver lining in this storm cloud, it’s that Harmony’s $1 million bounty isn’t exactly the worst one in history, proportionately speaking. Consider the infamous Poly Network hack from 2021, where a staggering $610 million was stolen, and the offered $500,000 bounty only represented a paltry 0.08% of the stolen assets—now that’s taking lowballing to new heights! Yet, much to the surprise of many, the funds were eventually returned. So perhaps there’s a glimmer of hope?