We are sharing another update on the November 18th exploit. Refer to the initial incident post here.


  1. Blockchain & cybersecurity firm PeckShield is conducting the root-cause investigation.
  2. We’re working with the affected users and various investigating agencies for recovery of lost funds.

Update from PeckShield based on the investigation so far

Dr. Jeff Liu — “Per Harmony’s request, PeckShield team investigated the Harmony ONE token loss incident. We first checked the issue discovered by the Harmony team, OneWallet saving user credential data in the Chrome Storage. We recognize that this may be a potential security vulnerability and has been subsequently fixed in the latest version 1.0.7, we shall share an audit report of this wallet soon. But to exploit the ONE wallet chrome extension, the hacker needs to get access permission of the users’ computers. Based on reviewing some of the affected users logs and browsing history, we didn’t find any concrete proof that this has happened in this incident. Therefore, it’s likely that this is not the root cause of this incident. We also investigated the possibility that the users are using forged OneWallet software, but again there we have not found evidence of this yet.”

We are exploring all other social attack vectors for this incident.

Working with the affected users & community

Members of the community are now actively working on the root cause analysis, and with several exchange partners and investigating agencies to find the attacker and pursue legal action. Several members of the community are also actively working together with the known affected users.

The affected users have provided as much information about the exploit to community members leading the recovery effort. We are also committed to assisting in the recovery of the lost funds. We will keep the community updated on all the details as the investigation progresses.

Thank you for being patient with us, we value our community’s commitment and support.