Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » News » Harmony Hacker Begins Laundering Funds

Harmony Hacker Begins Laundering Funds

by

The $1 million bounty was not enough to convince the hacker to return the funds.

Harmony Hacker Begins Laundering Funds
Shutterstock cover by Satheesh Sankaran

Key Takeaways

  • The Harmony hacker is currently sending some of their stolen ETH through Tornado Cash.
  • Already $12 million have been routed through the privacy-enabling protocol; the hacker is currently sending 100 ETH every six minutes.
  • About $100 million were stolen from Harmony’s Horizon bridge last week by the attacker.

Share this article

The Harmony attacker is sending 100 ETH to the Tornado Cash router every six minutes and has already mixed more than $12 million through the protocol.

100 ETH Every Six Minutes

The Harmony attacker is starting to send their tokens through Tornado Cash.

As shown by Etherscan, the wallet responsible for last week’s Harmony exploit sent a little more than 18,036 ETH (a sum worth north of $21 million at today’s prices) to a secondary wallet. That secondary wallet then evenly split the sum between three tertiary wallets; at the time of writing, two of these tertiaries have sent ETH to a Tornado Cash router.

Harmony’s Horizon bridge was exploited last week for more than $100 million in various tokens including FRAX, FXS, wETH, wBTC, AAVE, SUSHI, USDT, and BUSD; these were all swapped on Uniswap for ETH. 

That sum is now being routed through Tornado Cash in installments of 100 ETH. At the time of writing 10,409 ETH (more than $12 million) had already been mixed in the privacy-enabling protocol. New 100 ETH transactions are happening approximately every six minutes.

Tornado Cash is an Ethereum protocol that leverages zero-knowledge technology to allow users to break the links in their on-chain activity. If used correctly, the protocol makes it impossible to track down transactions from one wallet to another.

The protocol has been used by hackers in the past to cash in on their ill-acquired gains. Data from Nansen indicates that the Harmony exploiter, while having only sent about 12% of their loot to Tornado Cash, is already the fifth-biggest malicious user of the protocol (behind the Ronin, Fei, Beanstalk, and Parity exploiters). 

Two days ago Harmony had offered the Horizon bridge hacker a $1 million bounty for returning the stolen funds, with the promise of not advocating for criminal charges if they chose to cooperate. Other protocols have paid out even greater bounties in the past, with Aurora recently rewarding a white-hat hacker $6 million for detecting a possible exploit and notifying the team about it.

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.