Harmony Hacker Begins Laundering Funds

The $1 million bounty was not enough to convince the hacker to return the funds.

Harmony Hacker Begins Laundering Funds
Shutterstock cover by Satheesh Sankaran

Key Takeaways

  • The Harmony hacker is currently sending some of their stolen ETH through Tornado Cash.
  • Already $12 million have been routed through the privacy-enabling protocol; the hacker is currently sending 100 ETH every six minutes.
  • About $100 million were stolen from Harmony’s Horizon bridge last week by the attacker.

Share this article

The Harmony attacker is sending 100 ETH to the Tornado Cash router every six minutes and has already mixed more than $12 million through the protocol.

100 ETH Every Six Minutes

The Harmony attacker is starting to send their tokens through Tornado Cash.

As shown by Etherscan, the wallet responsible for last week’s Harmony exploit sent a little more than 18,036 ETH (a sum worth north of $21 million at today’s prices) to a secondary wallet. That secondary wallet then evenly split the sum between three tertiary wallets; at the time of writing, two of these tertiaries have sent ETH to a Tornado Cash router.

Harmony’s Horizon bridge was exploited last week for more than $100 million in various tokens including FRAX, FXS, wETH, wBTC, AAVE, SUSHI, USDT, and BUSD; these were all swapped on Uniswap for ETH. 

That sum is now being routed through Tornado Cash in installments of 100 ETH. At the time of writing 10,409 ETH (more than $12 million) had already been mixed in the privacy-enabling protocol. New 100 ETH transactions are happening approximately every six minutes.

Tornado Cash is an Ethereum protocol that leverages zero-knowledge technology to allow users to break the links in their on-chain activity. If used correctly, the protocol makes it impossible to track down transactions from one wallet to another.

The protocol has been used by hackers in the past to cash in on their ill-acquired gains. Data from Nansen indicates that the Harmony exploiter, while having only sent about 12% of their loot to Tornado Cash, is already the fifth-biggest malicious user of the protocol (behind the Ronin, Fei, Beanstalk, and Parity exploiters). 

Two days ago Harmony had offered the Horizon bridge hacker a $1 million bounty for returning the stolen funds, with the promise of not advocating for criminal charges if they chose to cooperate. Other protocols have paid out even greater bounties in the past, with Aurora recently rewarding a white-hat hacker $6 million for detecting a possible exploit and notifying the team about it.

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.

Share this article