Funds from Harmony’s Horizon Bridge have started flowing into Tornado Cash’s Ethererum mixer, indicating that the attacker has no intention of accepting the $1 million reward offered.
The decision to obfuscate ill-gotten gains answers questions about whether the Harmony team’s offer of just 1% of the $100 million in cryptocurrency funds stolen on June 24 would be enough to convince the attacker to return them.
#PeckShieldAlert ~6k $ETH (~$7.1m)into @TornadoCash desde @harmonyprotocol exploiters
Intermediary address: 0x432…47ae pic.twitter.com/AR9dmJRQet— PeckShieldAlert (@PeckShieldAlert) June 27, 2022
A total of 18,036.3 ETH worth about $21 million was moved out of the Horizon Bridge attacker’s main wallet at 03:10 am ET on June 28. These funds were then divided into three equal parts and sent to three different addresses in single transactions respectively, over the next 10 hours.
Tornado Cash supports mixing a maximum of 100 ETH at a time, which means that large sums can easily take several hours to mix. ETH mixing is a privacy measure designed to obfuscate the transaction path of the coins so that they cannot be traced back to previous transactions.
The first and second wallets that received ETH from the attacker’s main address have finished mixing the coins and are now left with about 16.3 ETH in total, an amount probably too small to bother with.
The third wallet was busy sending batches of 100 ETH to Tornado at eight minute intervals and he still had 2,800 coins left at the time of writing.
Cointelegraph has not received a response from the Harmony team on what it plans to do to repay funds stolen from the bridge.
The project’s Twitter account reaffirmed on June 27 that the team was working with “two highly reputable blockchain tracking and analysis partners,” along with the Federal Bureau of Investigation, to investigate the hack.
1/ We are aware the hacker has begun to move funds through Tornado Cash. The team is working with two highly reputable blockchain tracing and analysis partners, and collaborating with the FBI as part of an investigation into this criminal act.
— Harmony (@harmonyprotocol) June 28, 2022
About $80 million worth of ETH is still in the attacker’s main wallet. It could possibly return a portion of the stolen funds to Horizon, or it may take a break, given that it has taken over 13 hours to mix only $21 million.
Although the initial loot was valued at around $100 million at the time, positive ETH price fluctuations have increased the dollar value to 101.5 million.
Stephen Tse, the founder of Harmony, confirmed on June 25 that the attacker took control of the two required Horizon Bridge signers for the multisig address used to secure the funds. He noted that the Ethereum side of the bridge affected by the exploit was moved to a more secure multisig wallet that required four signers.
Horizon is the latest in a growing list of token bridges that have been attacked. The largest token bridge to be hacked was the Poly Network in 2021, which lost $610 million which was almost fully returned.
In total, over $1 billion has been mined from the Meter, Wormhole, Ronin and now Horizon token bridges by nefarious means in 2022 so far.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.