It seems that the hackers have no intention of taking the bounty of $ 1 million offered by Harmony. They have started laundering the money they looted through Tornado Cash. Tornado Cash is a decentralized cash mixing service that mixes transactions whereby one can not track the original transactions.
#PeckShieldAlert ~18k $ETH (~22m) into 0x1e…6430 from @harmonyprotocol exploiters pic.twitter.com/NN4j5Korsz
— PeckShieldAlert (@PeckShieldAlert) June 27, 2022
At 03:10 ET on June 28, 18,036.3 ETH, or nearly $21 million, were transferred out of the Horizon Bridge exploiter’s main wallet. For the following 10 hours, these monies were divided into three separate transactions and transmitted to three different addresses.
Since Tornado Cash can only mix up to 100 ETH at once, mixing up enormous amounts of money can easily take many hours. The purpose of mixing ETH is to obscure the transaction path of coins so that they cannot be tracked back to earlier transactions.
The accounts that received ETH from the exploiter’s main wallet have finished combining the funds and are currently sitting on a total of 16.3 ETH, probably not enough to warrant their attention.
At the time of writing, the third wallet was actively transferring 100 ETH batches at a time to Tornado, with 2,800 coins remaining in it.
What action is Harmony taking?
On June 27, the project’s Twitter account reiterated that the team was collaborating with “two highly recognized blockchain tracing and analysis partners” in addition to the Federal Bureau of Investigation to investigate the attack.
1/ We are aware the hacker has begun to move funds through Tornado Cash. The team is working with two highly reputable blockchain tracing and analysis partners, and collaborating with the FBI as part of an investigation into this criminal act. 🧵
— Harmony 💙 (@harmonyprotocol) June 28, 2022
The top wallet of the explorer still contains about $80 million in ETH. It took the exploiter nearly 13 hours to mix just $21 million, so they might take a break or return some of the stolen money to Horizon.
Positive ETH price swings have raised the dollar value of the haul from the initial estimate of roughly $100 million to $101.5 million. The price appreciation itself is more than what Harmony has offered as a bounty.
On June 25, Harmony’s founder, Stephen Tse, stated that the exploiter had gained access to the two Horizon Bridge signees necessary for the multisig address used to secure funds. He mentioned that the vulnerable Ethereum portion of the bridge was switched to a more secured multisig wallet that required four signatories.
Not the first cross-bridge hack
The attack on Horizon is the most recent in a long line of attacks against symbolic bridges. Poly Network was the largest token bridge to be breached in 2021, losing $610 million that was nearly totally recovered.
In 2022, more than $1 billion has been taken from the Meter, Wormhole, Ronin, and now Horizon token bridges through illegal means.
