Hackers Begin Laundering Funds Stolen From Harmony’s Horizon Bridge
Hackers who made off with $100 million worth of altcoins from the Horizon blockchain bridge five days ago have begun disposing of their loot.
$22 Million Worth of Ether Shifted to Tornado Cash
In a Twitter thread posted on June 27, Peckshield, a blockchain security auditor, said that 18,036 ether (ETH) with an estimated value of $22 million were sent to crypto mixing service Tornado Cash from the same address used in the June 23 Horizon Bridge breach. The funds were divided into three equal amounts and sent to three separate wallets, which then sent the ETH to Tornado Cash for mixing.
According to Peckshield, the first and second wallets have completed mixing the stolen crypto, while the third one is still sending ETH to Tornado Cash in batches of 100 every eight minutes. At the time of writing, the wallet reportedly still had 2,800 ETH tokens left. About $78 million worth of ETH remains in the hackers’ primary wallet.
Harmony Investigates Breach with F.B.I. and Blockchain Forensic Partners
The Horizon Bridge is a token bridge that connects the Harmony blockchain to a host of networks such as Ethereum, Binance Chain, and Bitcoin.
Harmony has stated that they are aware of the move being made by the hackers to launder the funds stolen from Horizon. They have also confirmed that they are investigating the breach with the help of two blockchain tracking and analysis firms and the F.B.I.
Earlier in the week, Harmony offered $1 million to the Horizon hackers and promised not to press criminal charges against them if they returned the stolen funds. But many crypto fans criticized the small amount offered and questioned whether it would be enough to get the hackers to give back the stolen ETH.
As part of the response to the Horizon attack, Harmony founder Stephen Tse pointed out that the exploit did not occur because of a smart contract breach but rather the compromising of private keys.
Crypto Mixing Services Are Popular With Hackers
Hackers routinely use mixing services such as Tornado Cash to obfuscate the origins of their crypto. These platforms work by combining large amounts of cryptocurrency in a private pool before sending them to the intended recipients. Anyone keeping track of crypto transactions would only see that one person deposited crypto into a mixer and that a different person received crypto from the mixer. As a result, illegally acquired cryptocurrency gets laundered.
Tornado Cash Has Previous History as a Conduit for Laundering
Tornado Cash has become the go-to laundering platform for bad-faith actors in the crypto industry. For instance, earlier in the year, when suspected North Korean-backed hackers stole more than $600 million worth of ETH from Axie Infinity’s Ronin Bridge, they sent about $100 million worth of it through Tornado Cash.
The official Tornado Cash website indicates that more than $3.5 billion worth of ETH has been deposited into the service since its inception in 2019. But according to cybersecurity analysts, more than a third of the funds (roughly $1.2 billion) that have gone through Tornado Cash were illicitly acquired.