Harmony hacker sends stolen funds to Tornado Cash mixer

Published at: June 28, 2022

The funds from Harmony’s Horizon Bridge have begun to move into the Tornado Cash Ethereum mixer, signaling that the attacker has no intention of accepting the $1 million bounty offered.

The decision to obfuscate the ill-gotten gains answers questions about whether the Harmony team’s offer of just 1% of the $100 million in crypto funds stolen on Friday would be enough to convince the exploiter to return them.

#PeckShieldAlert ~6k $ETH (~$7.1m) into @TornadoCash from @harmonyprotocol exploiters Intermediary address: 0x432...47ae pic.twitter.com/AR9dmJRQet

— PeckShieldAlert (@PeckShieldAlert) June 27, 2022

A total of 18,036.3 Ether (ETH), worth about $21 million, was moved out of the Horizon Bridge exploiter’s primary wallet at 03:10 am EST on Tuesday. These funds were then divided equally three ways and sent to three different addresses, in a single transaction each, over the next 10 hours.

Tornado Cash supports mixing a maximum of 100 ETH at a time, which means large sums can easily take several hours to mix. Mixing ETH is a privacy measure designed to obfuscate the transaction path of coins so they cannot be traced back to previous transactions.

The first and second wallets that received ETH from the exploiter’s primary wallet have completed mixing the coins and are now left with about 16.3 ETH collectively, an amount likely too small to bother with.

The third wallet was busy sending batches of 100 ETH to Tornado in eight-minute intervals and still had 2,800 coins remaining as of the time of writing.
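The deposit pattern described above, fixed 100 ETH batches sent to the mixer at a steady interval, is something a tracing or monitoring team can flag mechanically. The Python below is an added example, not code from Cointelegraph, PeckShield or Harmony; the addresses, thresholds and sample transfers are constructed placeholders.

```python
from collections import defaultdict
from statistics import median

MIXER = "0xMIXER_PLACEHOLDER"   # constructed placeholder, not a real contract address
DENOMINATION_ETH = 100          # per-deposit maximum cited in the article
MIN_DEPOSITS = 3                # assumption: shortest run worth alerting on
JITTER_SECONDS = 120            # assumption: tolerated deviation from the median gap


def flag_batched_mixer_deposits(transfers):
    """Flag wallets that feed the mixer in regular, fixed-size batches.

    transfers: iterable of (unix_time, sender, recipient, amount_eth).
    Returns {sender: {"deposits", "eth", "median_gap_s"}}.
    """
    by_sender = defaultdict(list)
    for ts, sender, recipient, amount in transfers:
        # Only full-denomination deposits into the mixer are of interest.
        if recipient == MIXER and amount == DENOMINATION_ETH:
            by_sender[sender].append(ts)

    flagged = {}
    for sender, times in by_sender.items():
        if len(times) < MIN_DEPOSITS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        typical = median(gaps)
        # A scripted or methodical sender keeps every gap close to the typical one.
        if all(abs(g - typical) <= JITTER_SECONDS for g in gaps):
            flagged[sender] = {
                "deposits": len(times),
                "eth": len(times) * DENOMINATION_ETH,
                "median_gap_s": typical,
            }
    return flagged


# Constructed sample transfers (not real chain data).
T0 = 1656400000
SAMPLE = (
    # Roughly eight-minute cadence with small jitter: should be flagged.
    [(T0 + i * 480 + j, "0xWALLET_C", MIXER, 100) for i, j in enumerate([0, 12, -9, 30, 5])]
    # Only two deposits: below MIN_DEPOSITS.
    + [(T0 + 100, "0xWALLET_D", MIXER, 100), (T0 + 90000, "0xWALLET_D", MIXER, 100)]
    # Same amount, but the recipient is not the mixer.
    + [(T0 + 50, "0xWALLET_E", "0xEXCHANGE_PLACEHOLDER", 100)]
    # Three deposits with irregular timing: not flagged.
    + [(T0 + 200, "0xWALLET_F", MIXER, 100), (T0 + 260, "0xWALLET_F", MIXER, 100),
       (T0 + 40000, "0xWALLET_F", MIXER, 100)]
)

if __name__ == "__main__":
    print(flag_batched_mixer_deposits(SAMPLE))
```
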

Cointelegraph has not received a reply from the Harmony team on what it plans to do to replace the stolen funds in the bridge.

The project’s Twitter account reaffirmed on Monday that the team was working with “two highly reputable blockchain tracing and analysis partners,” along with the United States Federal Bureau of Investigation, to investigate the hack.

1/ We are aware the hacker has begun to move funds through Tornado Cash. The team is working with two highly reputable blockchain tracing and analysis partners, and collaborating with the FBI as part of an investigation into this criminal act.

— Harmony (@harmonyprotocol) June 28, 2022

About $80 million in ETH is still in the exploiter’s primary wallet. They could possibly return a portion of the stolen funds to Horizon, or they may be taking a break, as it has taken the exploiter over 13 hours to mix just $21 million.

Although the initial haul was valued at about $100 million at the time, positive ETH price fluctuations have increased the dollar value to $101.5 million.

Stephen Tse, founder of Harmony, confirmed on Saturday that the exploiter took control of the required two Horizon Bridge signees for the multisignature address used to secure funds. He noted that the Ethereum side of the bridge affected by the exploit was moved to a more secure multisig wallet that required four signees.

Horizon is the latest in a growing list of token bridges that have been attacked. The largest token bridge to be hacked was Poly Network in 2021, which lost $610 million that was almost entirely returned.

In total, over $1 billion has been extracted from the Meter, Wormhole, Ronin and now Horizon token bridges through nefarious means in 2022 so far.
