This article is written to share information about a potential exploit, the theft of crypto assets from a handful of addresses, the attacker involved, and the steps we are taking to resolve this issue.


What Happened

We have received reports from five (5) individuals who stated their funds had been transferred from their wallets without knowledge. For those whose funds were staked, their ONE appears to have been undelegated by an unauthorized individual before being transferred to another address outside the control of the original holder.

The Harmony Foundation and community are in active communication with these individuals, forensic experts, and the authorities.

What We Are Doing

The team is taking a number of steps to address the vulnerability - more details below. We are also working closely with the affected individuals, gathering their critical information, and staying in communication to ensure they’re up-to-speed on our progress.

  • Major exchanges have been contacted and made aware of the situation and attacker’s addresses. We will continue to expand these efforts and cast a wide net.
  • The team performed a thorough forensic investigation while also retaining the help of multiple, reputable security firms and whitehat hackers in an attempt to determine root cause and assist in identifying the suspect.
  • We have documented a detailed report which has been provided to the authorities describing the timeline, events and forensic information we have gathered so far.
  • Local and national authorities have been contacted. Our team has met with national authorities over the past few days to provide them with our detailed report and to work together with full cooperation.

What We Know

Amount in Question

The amount between the individuals we’re communicating with comes to 19,314,598 ONE.

Affected Wallet Addresses

  • one1u8s0[...]lru974xz
  • one1ys4s[...]f8h5720g
  • one16suk[...]6cqtcu0d
  • one19vys[...]4nvruqdq
  • one1f99a[...]vkeyc9nq

Alleged Suspect’s Addresses

  • one19hfc[...]cs3q9ctl
  • one1l0j8[...]0jfkaxzw
  • one1mm2n[...]pfh2a2kw
  • one1xel4[...]3sqqjr0f
  • one1nntf[...]j6tqx8zj
  • one10zeu[...]2sk6fnhh

About the Suspect

The Harmony Foundation and community are working diligently to identify the alleged suspect and are in full cooperation with the authorities to expand these efforts. So far we have observed numerous patterns based on the suspect’s activities, allowing us to narrow down our leads to a handful of potential culprits.

Additional information about the alleged attacker will be withheld as we continue our forensic investigation and work with the authorities.

Our Offer to Those Responsible for the Theft

We wish to provide the suspect an opportunity to communicate with the Harmony Foundation and return all funds. Harmony will not pursue further legal action or dox your identity so long as we receive your full cooperation. The team will offer you a bounty to reveal how this theft was performed so long as it can be validated.

You may contact us at security@harmony.one.

Deadline: This offer will remain open until midnight UTC of January 15th, 2022.

To Our Community

Please report suspicious wallet activity to the Harmony team using the following form:

https://harmony.one/report-theft.

If you have any information related to these events, please contact the Harmony team at security@harmony.one. We will keep you updated as additional information becomes available.

In the meantime, we encourage everyone to follow security best practices by ensuring your wallets use a complex password of at least 12 characters composed of special characters, numbers, upper and lower case letters. Currently the Ledger Nano S supports ONE and provides a significant extra layer of security by keeping your private keys offline.

If you are staking, we also suggest visiting the staking portal to ensure your balance is still staked and no suspicious undelegation is occurring. For suspicious undelegation events, re-delegate your ONE to restart the staking process and report the suspicious behavior (form link below).

Finally, remember that no Harmony employee, community member or moderator will/should ever ask for your private key, seed phrase, or request that you access a website that requires you to connect your wallet. Any assistance offered by Harmony should be followed-up with an e-mail from their harmony.one address as confirmation of identity. Please remain skeptical and cautious when interacting with community members as scammers are known to create fake accounts designed to masquerade as admins, moderators, and core team members.

Roadmap: We’re working on a smart contract wallet that would support staking, and development is underway to enable staking via Metamask. We will keep you posted on the progress and timelines.

More information will be shared as developments continue.

- The Harmony Team 💙