We have published an updated version of the ONE wallet chrome extension (version 1.0.9). This version has been reviewed and audited by our security partner, PeckShield. The audit report is being done in two phases, the first phase focuses on the security aspects of the wallet. The first phase is now complete and its report can be found here. The second phase will include a full write up and will be published in the next two weeks.

Following are the fixes and additions from the previous version (1.0.7):

Security

* Tab response hijacking protection

* Safe hostname detection

  • We detect the safe hostname enabling users to sign only one transaction at a time. This prevents hijacking of transactions. …


We are sharing another update on the November 18th exploit. Refer to the initial incident post here.

Summary

  1. Blockchain & cybersecurity firm PeckShield is conducting the root-cause investigation.
  2. We’re working with the affected users and various investigating agencies for recovery of lost funds.

Update from PeckShield based on the investigation so far

Dr. Jeff Liu — “Per Harmony’s request, PeckShield team investigated the Harmony ONE token loss incident. We first checked the issue discovered by the Harmony team, OneWallet saving user credential data in the Chrome Storage. We recognize that this may be a potential security vulnerability and has been subsequently fixed in the latest version 1.0.7, we shall share an audit report of this wallet soon. But to exploit the ONE wallet chrome extension, the hacker needs to get access permission of the users’ computers. Based on reviewing some of the affected users logs and browsing history, we didn’t find any concrete proof that this has happened in this incident. Therefore, it’s likely that this is not the root cause of this incident. …


This post is an update to Stephen’s tweet on November 18th about reports of lost funds. In this post, we will share what we know about the potential exploit, all the information we know about the alleged attacker, what we’ve done so far to contain the potential threat, and we want to give the alleged attacker a chance to return the funds.

On November 18th, we received reports of lost funds, mysteriously missing from 9 wallets at the time of this writing.

The Facts (as of 11/20/2020)

A total of 25,356,279.23 ONE tokens were removed from 9 wallets.

Affected wallet addresses

  • one14y4y0avdhlwfmvufxkch53q57stwmctg002vlv
  • one1r3fhhzzzatcmqx62nszqxf3shk8qk7qhlmg7tk
  • one10wgvlxx85vwcfk43g0vzss95er80uneh2h80hv
  • one13gv9shkzs847ayy6ggjxssv9g73jlvydlem2ra
  • one1hrgflaj09mh497qczhmzrnee4vxygtsjqx52mq…


Image for post
Image for post

(Reposted. Originally published on 10/19/20)

ho·ri·zon /həˈrīzən/: the line at which the earth’s surface and the sky appear to meet.

Harmony has launched Horizon, the first version of its Ethereum-Harmony cross-chain bridge, on the mainnet. This is the foundation of many upcoming initiatives designed to bolster a vibrant crosschain ecosystem on Harmony that will allow users and developers to smoothly interact with multiple chains. When you feel like you have reached the natural limitations of a blockchain, that is where we will meet you — at the Horizon.

Horizon opens up the gates for assets to flow freely between Harmony and Ethereum blockchains and will enable users to bridge any ERC20 token, as well as LINK and BUSD. Horizon will be released in phases with the next phase being fully trustless and permissionless. …


A Tech Demo of a Cross-chain Decentralized Exchange

After launching the Horizon bridge to swap assets from Ethereum to Harmony, we are excited to announce that our community has launched a technology demo of a cross-chain DEX — Swoop.

Swoop will enable the community to test out the seamless, high-speed and low-fee user experience while exchanging assets in a non-custodial manner on Harmony.

This first version of Swoop demonstrates the easy migration of foundational decentralized finance infrastructure like Uniswap v2 on Harmony, an EVM compatible chain.

The next version, launching in the coming weeks, will be a fully-cross-chain DEX, relying on the Horizon bridge APIs to power cross-chain liquidity. With these launches, the Harmony community is opening the gates for DeFi developers and partners to fork, build and deploy their own DeFi protocols on Harmony, leveraging the fast and low-cost layer-1 infrastructure. …


Image for post
Image for post

After Binance US-dollar stablecoin BUSD, Harmony is launching a fully audited and fiat-backed stablecoin with Indonesia’s Rupiah Token.

Rupiah tokens on Harmony will enable real-time settlement for cross-border payments. Harmony recently launched a US dollar stablecoin BUSD with Binance and is building a fintech ecosystem to drive payments in the US-India corridor.

Launching an Indonesian fiat-backed stablecoin builds upon our cross-border payments strategy, allowing local fintech and remittance companies to leverage these stablecoins for global payments. These stablecoins are fully-regulated and have fiat on/off-ramp support through digital asset exchanges and local partners.

Using local or regional stablecoins that can be instantly settled on a scalable blockchain is key to faster and cheaper global payments, especially for regional b2b and e-commerce transactions in South-East Asia. …


Image for post
Image for post

Yes, you read that correct, the long-awaited Harmony token swap is here. We are excited to launch the native ONE token. We know it’s been a long process for token holders and we’re incredibly grateful for your patience and continued support.

On to the swap - all issues flagged in the Peckshield security audit report have been successfully resolved and the mainnet has now smoothly passed the rolling upgrade in preparation for the swap. Huge thanks to our incredible team of Foundational Node operators who’ve been invaluable partners in this process. …


Below are the detailed steps for external nodes to join the Harmony Testnet.

Quick FAQs:

Q. Is the Harmony Testnet currently a live, running blockchain?

A. Yes! You can see the block explorer here: https://explorer.harmony.one/#/

Q. What is the value of joining?

A. The value in joining our Testnet is to be able to connect your node to our live blockchain and particiapte in consensus. Although, there are no rewards right now, but thank you for helping us to pioneer, Harmonier!
We will be releasing details about the staking rewards in coming weeks.

Q. What can external nodes do on the Harmony Testnet?


Focused on Tooling & Infrastructure Development

We recently completed and paid out our first few technical bounties on Gitcoin. What started as an experiment, has now become an inspiration to engage developers in building the Harmony ecosystem.

Image for post
Image for post

Goal

At Harmony, we believe in bringing values by first building a solid foundation on top of which people can build awesome blockchain products and use cases. To this end, we have strived to focus on the core protocol, and we are proud of our progress so far. At the same time, we see that the core protocol that we are building is only a base camp. Our journey — into the vast blockchain wilderness waiting for us — begins here, but we know that we would need more than just a base camp for us to make that journey. …


Image for post
Image for post

At Harmony, our aim is to scale trust for billions of people and create a radically fair economy. We envisage the largest open consensus network built for the benefit and future of humankind. As a team, we’ve spent many hours asking ourselves, “What makes a strong network?”, “How do humans organize themselves?” and “What is the secret to a truly open and global system?” The root answer to all of these questions is in laying a strong foundation. And strong foundations need a FOUNDATIONAL community coming together.

Foundational

/founˈdāSH(ə)nəl/

adjective

forming the base from which everything else develops.

Today we announce the launch of our Foundational Node Program for the Harmony ecosystem. We’re looking for global strategic partners who are interested in running a Harmony node and in contributing to our next strategic investment round. …

About

Sahil Dewan

Startup guy. Blockchain entrepreneur. Never shy of dreaming big.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store