{"id":31054,"date":"2022-06-28T04:32:32","date_gmt":"2022-06-28T08:32:32","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=31054"},"modified":"2022-06-28T04:32:47","modified_gmt":"2022-06-28T08:32:47","slug":"harmony-hacker-moves-stolen-funds-through-tornado-cash-mixer","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/harmony-hacker-moves-stolen-funds-through-tornado-cash-mixer\/","title":{"rendered":"Harmony hacker moves stolen funds through Tornado Cash mixer"},"content":{"rendered":"\n

Harmony's Horizon Bridge money has started to flow into the Tornado Cash Ethererum mixer<\/a>, indicating that the hacker is not planning to take the $1 million bounty offered by Harmony.<\/p>\n\n\n\n

\"Harmony
Harmony hacker moves stolen funds through Tornado Cash mixer<\/figcaption><\/figure>\n\n\n\n

The Harmony team's decision to conceal the illicit earnings provides an answer to the question of whether their offer of just 1% of the $100 million in cryptocurrency monies taken on June 24 would be sufficient to persuade the exploiter to return them.<\/p>\n\n\n\n

\n

#PeckShieldAlert\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a> ~6k $ETH<\/use><\/svg><\/span><\/a> (~$7.3m) into 0x432…47ae from @harmonyprotocol<\/use><\/svg><\/span><\/a> exploiters and start transferring to @TornadoCash<\/use><\/svg><\/span><\/a>
Intermediary address: 0x1e…6430 pic.twitter.com\/cN1nZwPi6I<\/use><\/svg><\/span><\/a><\/p>— PeckShieldAlert (@PeckShieldAlert) June 27, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

At 03:10 ET on June 28, a total of 18,036.3 ETH, or nearly $21 million, were transferred out of the Horizon Bridge <\/use><\/svg><\/span><\/a>exploiter's main wallet. Over the course of the following 10 hours, these monies were then equally divided into three separate transactions and transmitted to three distinct addresses.<\/p>\n\n\n\n

Since Tornado Cash can only mix up to 100 ETH at once, mixing up enormous amounts of money can easily take many hours. The purpose of mixing ETH is to obscure the transaction path of coins so that they cannot be tracked back to earlier transactions.<\/p>\n\n\n\n

The first and second wallets that received ETH from the exploiter's main wallet <\/a>have finished combining the funds and are currently sitting on a total of 16.3 ETH, which is probably not enough to warrant their attention.<\/p>\n\n\n\n

At the time of writing, the third wallet was actively transferring 100 ETH batches at a time to Tornado, with 2,800 coins remaining in it. <\/p>\n\n\n\n

On June 27, the project's Twitter account reiterated that the team was collaborating with “two highly recognized blockchain tracing and analysis partners” in addition to the Federal Bureau of Investigation to look into the attack.<\/p>\n\n\n\n

\n

1\/ We are aware the hacker has begun to move funds through Tornado Cash. The team is working with two highly reputable blockchain tracing and analysis partners, and collaborating with the FBI as part of an investigation into this criminal act. \ud83e\uddf5<\/p>— Harmony \ud83d\udc99 (@harmonyprotocol) June 28, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

The principal wallet of the explorer still contains about $80 million in ETH. It took the exploiter nearly 13 hours to mix just $21 million, so they might be taking a break or returning some of the stolen money to Horizon.<\/p>\n\n\n\n

Positive ETH price swings have raised the dollar value of the haul from the initial estimate of roughly $100 million to $101.5 million.<\/p>\n\n\n\n

About the Harmony Attack<\/h2>\n\n\n\n

On June 25, Harmony's founder, Stephen Tse, stated that the exploiter had gained access to the two Horizon Bridge signees that were necessary for the multisig address that was being used to secure funds. He mentioned that the vulnerable Ethereum portion of the bridge was switched to a more secure multisig wallet that required four signatories.<\/p>\n\n\n\n

The attack on Horizon is the most recent in a long line of attacks against symbolic bridges. Poly Network<\/a> was the largest token bridge to be breached in 2021, losing $610 million that was nearly totally recovered.<\/p>\n\n\n\n

Through illegal means, so far in 2022, more than $1 billion has been taken from the Meter, Wormhole, Ronin, and now Horizon token bridges.<\/p>\n","protected":false},"excerpt":{"rendered":"

Harmony’s Horizon Bridge money has started to flow into the Tornado Cash Ethererum mixer, indicating that the hacker is not planning to take the $1 million bounty offered by Harmony. The Harmony team’s decision to conceal the illicit earnings provides an answer to the question of whether their offer of just 1% of the $100 […]<\/p>\n","protected":false},"author":12,"featured_media":31059,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[],"class_list":["post-31054","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/06\/image-220.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/31054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=31054"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/31054\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/31059"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=31054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=31054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=31054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}