Harmony Horizon bridge exploit. Consequences to Aave V3 Harmony

@oneski22 Can you please share the doc that specifically stated SM only apply to V2 ETH market?

1 Like

As an update for the community, we have verified that the Guardian has executed the freezing of all assets on Harmony, following the approval of the governance HERE.

What this changes in practice is that the Aave smart contracts don’t allow to deposit on Aave v3 Harmony anymore, as borrowing was already not enabled.
It is important to highlight that withdrawal is still possible.

8 Likes

What will be the next step?

1 Like

“withdrawal is still possible” is not completely right, until borrow will be repayed in reality “withdrawal is still NOT possible” !

1 Like

This an opinion from the Harmony Community Forum:

The problem with Aave lies with Aave. They are the responsible party for relying on a faulty price oracle and not responding to the bridge hack fast enough. It took them weeks to decide to stop borrowing and then reduce interest rate. Now they are trying to wash their hands of the problem by blaming harmony for allowing the bridge to be hacked.

If you are expecting harmony to respond to this you then you are expecting harmony to fix somone else’s problem.

1 Like

My assets are frozen on AAVE and I was also removed from the Discord server for expressing my discontent with the situation.

Unfortunately my situation looks exactly the same as being a Celsius customer. Only exception is that I’m now receiving regular email updated about court proceedings.

Here I know nothing about the outlook and what should I do? Do I own any cryptocurrency that is locked on AAVE or do I not own it anymore?

1 Like

What are the update regarding this issue? Investors funds are currently locked for withdrawal on the ONE lending since the utilization is 100%. When do you plan to release the funds?
You did not anticipate such exploit by chosing chainlink oracle and you took very long time to react after the bridge hack. On the other side, tranquil finance reacted very quickly and users are able to withdraw their ONE. Fault is fully on aave and something should be done asap to restore user funds, especially when the app is showing a tab which let the user think that the sm is applicable and that their funds are safe in case of any exploit (as the one which happened)

What are the concrete actions you are going to do? Currently situation is even worse than celsius: no update apart from disabling borrowing and removing the return.

Many users got tricked by the high interest displayed during a long period of at least 3weeks. Is it worth it to ruin aave reputation?

Thanks

2 Likes

disclaimer: The following post is reflecting my personal opinion as an individual & Aave token holder and is not representative of the Aave companies in any form.

To be honest, my initial opinion was “Harmony fucked up and failed to protect their users, If governance agrees we should take the punch & loss, pay back users in stables and keep the harmony Aave market frozen and I’ll vote accordingly”

but I have to voice my concerns that “expectation of bailout” is not really something I’m comfortable with, the whole crypto ecosystem’s origins is a reaction to what happened in 2008, crypto is not supposed to replicate traditional finance but provide an alternative to it.
If we allow a system where actors take all the risks, and cash in the profits but in case of something bad happening, they can legitimately rush to nanny protocols and ask for their money back, are we any better than Banks and governments?

in this situation, I’ll be clear, Harmony failed their users, failed at building a robust bridge & failed at providing a clear answer in a short delay (1 month to tell users their solution is BRRRR) that lead to slower reactions of protocols on top, making bad things worse.

but in every case, there are two ways to make money in this world, 1) is hard work 2) is taking some risks. anyone telling you there is a third option is a scammer.
using Harmony was a risk, and now that risk materialized.

to answer to that risk, a bailout has never been a mandatory option. The safety module doesn’t cover Harmony V3 (the currently supported market is Aave V2 ETH, Polygon & Avalanche + Aave ARC) and any bailout would require a specific AIP vote.

As people that took a loss need Aave governance approval to get a second chance to nullify the consequences of a risk taken, I would kindly advise some to change gear in their entitled & aggressive attitude towards Aave on here. because I’m still personally in favor of supporting Aave Harmony users while being firm on the fact that Aave worked as intended,

but at this point, I might be a few aggressive posts away from changing my personal vote if an AIP is deployed on this topic.

What do we have to do for the AIP to be deployed in this topic Marc? Thank you

  1. Post a governance thread following ARC standards ARCs - Governance

  2. after a minimum of 5 days of discussion anyone with a AAVE balance of at least 50 can publish a proposal on snapshot

  3. Snapshot vote needs to follow the community guidelines

  • vote should start at least 24h after publication of snapshot vote
  • voting period should last at least 3 days
  • Vote should have at least 3 options (YAE/NAY/ABSTAIN)
  1. If the snapshot vote outcome is YAE, anyone can campaign to get AAVE proposal power delegation
    and any address with at least 80k AAVE proposal power can publish an AIP vote to, in this case, allow the ER contract or treasury contract to deploy funds.
    The technical payload of this AIP can be supported & reviewed by BGD Labs to make sure the technical implementation is safe.
    The quorum for these votes is 320k AAVE YAE votes.

This governance process is standard at aave and has been successfully followed with dozens of previous AIPs.

Hello everyone! I came here to share my story quickly. I guess I am a bit naive, or even silly person. This year I have lost many thousands because I have trusted that I can earn 19% on stablecoin, I have lost significant amount of money in Terra collapse and I was also significantly affected by Harmony ONE bridge exploit. My crypto is currently in AAVE platform, without possibility to take it out. Maybe I haven’t done enough of quality research, or maybe my risk management is really poor. I always thought that AVVE is in top 5 trusted protocols anyway. I also invested in AAVE and I keep AAVE tokens.

Anyway, I came to the conclusion that defi isn’t really much better than traditional finance because my money in the bank is protected. Of course: it suffers from inflation and no one gives my interest but I have a phone number and there is a person on the other side – they will listen to me, they will be able to help. I can also follow the process to complain if something isn’t right. I have a voice and I have rights.

I now think that participating in defi means that you are deciding to abandon your rights to any protection and you abandon your rights to express your opinion because no one will listen. Defi is driven by greed, even if no one will admit his.

So, what am I doing right now: I am moving slowly all bridged assets to native networks and then to my centralised, tier 1 exchange. I might decide to use hardware wallet soon too. I don’t think that using defi is safe anymore. In terms of crypto that is locked in AAVE I don’t think anyone is motivated to resolve this problem; therefore, I think I t is better to just forget about it and file it as a loss. Mental health is important then money, please do not forget about that! Good luck!

3 Likes

@FrankBaron

I am very sorry to hear that. I am on the same boat with you. I lost part of my fund in my portfolio during Terra UST collapse and Harmony bridge exploit on AAVE. But luckily, I invested in a variety of assets, traditional one (stock/Forex) and non-traditional one (Crypto). It is better to have a diversified portfolio to mitigate the risk.

In order to make Harmony Bridged Asset to be pegged again and the AAVE protocol work again (ie. having enough money to pay back the lender), extra money needed to be flowed into the Harmony Ecosystem. So I agree with you that there is a high possibility that we may not get the fund back unless:

  1. Harmony ONE price goes up again by deflationary tokenomics (e.g burning) and/or people start buying more ONE
  2. VC bait out the situation

One interesting question is how many stablecoin does AAVE still have? Could we cover the lender with these stablecoins? At least we could get something out of it and move on?

1 Like

1st of all, this is what I have received after posting here:

“This is an automated message from Aave to let you know that your account has been temporarily placed on hold as a precautionary measure.”

But I am still able to write as it seems.

As someone wise said recently: "Crypto’s true nature unravelling, step by step and more obviously than ever, for the few that still thought this was about decentralization.

For those of you with ideals that didn’t treat this like an easy online casino, from the bottom of my heart, I am sorry."

In this case everyone who is in the role of the victim needs to understand that there are absolutely no incentives for the people in control to help. The easiest for the decision makers here is to do nothing and forget about the whole thing. This is regardless of the true root cause of the whole problem.

Hello Franck,

First of all, I’m sorry for you, I hope you’re not in a harsh financial situation

Your story should remind us that DeFi still is a giant experiment and no one can predict how it will evolve. Putting money in DeFi is like swallowing a new pill, coming from a laboratory : maybe you will get superpowers, maybe you will die in a minute. That’s why everyone keep saying “DYOR, not a financial advice, etc” : we don’t know how it will ends ! DeFi already is too intricated for a human brain. Aave probably is one of the safest DeFi protocol, all chains combined (with protocols like Beefy). But if the tokens rely on a bridge, and the bridge is hacked, Aave can’t do magic… There probably are dozens of systemic risks we can’t even imagine. Bridging all your assets to native networks is a great move, I’ve been doing the same thing for the last weeks. Bridges might no be a good solution, it’s too risky and we don’t want to rely on a multisig.

You’re saying there’s no client support in DeFi, and that’s true. More freedom implies less safety. DeFi is not “better” than banks and TradFi, it’s just different. It depends on what you need. Do you prefer to deal with human, or with machines ? I personally prefer dealing with machines, I think it’s more efficient and they can’t cheat. But other people prefer to deal with a human being, and that’s okay

You’re telling us that DeFi is driven by greed, but no one admit it. That’s not fair : every ecosystem, every job, every human being is driven by greed. A baker, a farmer or a lawyer aren’t that different from a DeFi user. Being greedy doesn’t mean you are not passionate about what you’re doing

Oh, and yes, PLEASE use a hardware wallet. It’s like a condom : it’s not such a big thing, but it could save you money :wink: