Tolu is a cryptocurrency and blockchain enthusiast based in Lagos. He likes to demystify crypto stories to the bare basics so that anyone anywhere can understand without too much background knowledge. When he's not neck-deep in crypto stories, Tolu enjoys music, loves to sing and is an avid movie lover.
The hackers of the Harmony Horizon Bridge have begun laundering the $100 million in Ethereum and other tokens stolen from the blockchain.
The hackers behind the $100 million altcoin theft from Harmony Protocol’s Horizon Bridge have started laundering the funds. Etherscan data shows that the wallet used by the cyber thieves in the attack sent out 18,000 ETH to a total of four wallet addresses.
Breakdown of the Laundering Process
The hackers first sent out around 18,000 ETH, or $21 million, to another wallet. Afterward, the cybercriminals used the receiving wallet to disburse 6,000 ETH, or $7 million each, to three other addresses.
The hacker has already laundered funds sent to the first intermediary address through Tornado Cash. Funds from the second receiving address are also in the process of being laundered in batches of 100 ETH, or $116,000. Meanwhile, the third wallet still had its 6,000 ETH untouched as of press time.
Four days ago, the hacker sole $100 million in several crypto coins and swapped them for Ethereum. Coins stolen were Wrapped Ethereum, Tether (USDT), and USD Coin (USDC) stablecoins. Presently, the hackers’ wallet still holds more than $80 million in ETH tokens, as well as approximately $65,000 worth of other tokens.
Confirming the hack, the Harmony blockchain protocol put out a series of messages on Twitter, which began with:
“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.”
In addition, the open blockchain platform also moved to assuage investors a little amid the calamity. According to Harmony Protocol, its trustless Bitcoin (BTC) bridge, as well as funds and assets stored on decentralized vaults are currently safe. Also, the Harmony team reaffirmed its commitment to exhausting investigative leads, and promised more information on its efforts.
Harmony offered a $1 million bounty on information leading to the resolution of the Horizon Bridge hack. In addition, the company promised not to pursue criminal charges if the hackers returned the stolen funds. However, going by the recent transfers, it would seem that the hacker has ignored the company’s offer.
Harmony Founder Comments on Horizon Bridge Hack, Money Laundering
Harmony founder Stephen Tse spoke on the situation and provided security updates. According to Tse, Harmony has substantially beefed up its security and is looking to do even more. According to Tse:
“We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident.”
This implies that no less than four of five separate private keys are now a requirement to sign and authorize transactions.
“We will continue taking steps to further harden our operations and infrastructure security,” added Tse.
The Harmony Protocol hack represents the latest in DeFi protocol thefts involving huge sums of money. Another instance of this trend occurred in March, when hackers presumably from North Korea carted away $622 million from Ronin – Axie Infinity’s Ethereum sidechain.