Harmony hacker sends stolen funds to Tornado Cash mixer
The funds from Harmony’s Horizon Bridge have begun to move into the Tornado Cash Ethererum mixer, signaling that the attacker has no intention of accepting the $1 million bounty offered.
The decision to obfuscate the ill-gotten gains answers questions about whether the Harmony team’s offer of just 1% of the $100 million in crypto funds stolen on June 24 would be enough to convince the exploiter to return them.
#PeckShieldAlert ~6k $ETH (~$7.1m) into @TornadoCash from @harmonyprotocol exploiters Intermediary address: 0x432…47ae pic.twitter.com/AR9dmJRQet
— PeckShieldAlert (@PeckShieldAlert) June 27, 2022
A total of 18,036.3 ETH worth about $21 million was moved out of the Horizon Bridge exploiter’s primary wallet at 03:10 am ET on June 28. These funds were then divided equally three ways and sent to three different addresses in single transactions respectively, over the next 10 hours.
Tornado Cash supports mixing a maximum of 100 ETH at a time, which means large sums can easily take several hours to mix. Mixing ETH is a privacy measure designed to obfuscate the transaction path of coins so they cannot be traced back to previous transactions.
The first and second wallets that received ETH from the exploiter’s primary wallet have completed mixing the coins and are now left with about 16.3 ETH collectively, an amount likely too small to bother with.
The third wallet was busy sending batches of 100 ETH to Tornado in eight-minute intervals and still had 2,800 coins remaining as of the time of writing.
Cointelegraph has not received a reply from the Harmony team on what it plans to do to replace the stolen funds in the bridge.
The project’s Twitter account reaffirmed on June 27 that the team was working with “two highly reputable blockchain tracing and analysis partners,” along with the Federal Bureau of Investigation, to investigate the hack.
1/ We are aware the hacker has begun to move funds through Tornado Cash. The team is working with two highly reputable blockchain tracing and analysis partners, and collaborating with the FBI as part of an investigation into this criminal act.
— Harmony (@harmonyprotocol) June 28, 2022
About $80 million in ETH is still in the explorer’s primary wallet. They could possibly return a portion of the stolen funds to Horizon, or they may be taking a break as it has taken the exploiter over 13 hours to mix just $21 million.
Although the initial haul was valued at about $100 million at the time, positive ETH price fluctuations have increased the dollar value to $101.5 million.
Stephen Tse, the founder of Harmony, confirmed on June 25 that the exploiter took control of the required two Horizon Bridge signees for the multisig address used to secure funds. He noted that the Ethereum side of the bridge affected by the exploit was moved to a more secure multisig wallet that required four signees.
Related: Axie Infinity to compensate Ronin exploit victims and relaunch bridge
Horizon is the latest in a growing list of token bridges that have been attacked. The largest token bridge to be hacked was Poly Network in 2021, which lost $610 million that was almost entirely returned.
In total, over $1 billion has been extracted from the Meter, Wormhole, Ronin, and now Horizon token bridges through nefarious means in 2022 so far.