Harmony Hackers Begin Laundering Ethereum Stolen From Horizon Bridge
The robbers have sent $36 million of the $100 million in stolen Ethereum to a mixing service.
According to PeckShield The hackers responsible for stealing $100 million in altcoins from Harmony Protocol's Horizon bridge have begun to launder the funds.
The hackers sent their transactions from the address used in the June 23rd hack totaling around 30k ETH to the mixing service Tornado Cash, with $64 million still in the hacker's Ethereum Wallet, according to a blockchain breakdown by the blockchain security company.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.— Harmony (@harmonyprotocol) June 23, 2022
Harmony is a Layer 1 proof-of-stake blockchain launched in 2019. its Horizon bridge allows users to send cryptocurrencies between blockchains like Harmony's network and Ethereum, Binance Chain, and Bitcoin.
Crypto mixing services allow users to conceal the origins of their cryptocurrencies by pooling significant amounts of coins in a single pool and mixing them a process commonly used to launder illicitly acquired tokens.
Hack, $100 million in Wrapped Ethereum AAVE, SUSHI, DAI, Tether, and USD Coin were stolen and then swapped for Ethereum.
Though initially reported as an exploit of the Harmony protocol, the company has since declared that it has "found no evidence in any breaches of our smart contracts codes nor vulnerabilities on the Horizon platform"
The Harmony protocol hack is the latest in multimillion-dollar thefts targeting DeFi protocols in March, hackers linked to North Korea stole $622 million from Axie infinity's Ethereum sidechain.
Harmony Protocol offered a $1 million bounty for the return of the bridge funds, saying on Twitter that the company would not advocate for criminal charges if the funds were returned.
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.— Harmony (@harmonyprotocol) June 26, 2022
Contact us at [email protected] or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
Harmony assured its users that the theft did not impact its BTC bridge and that the company was working with national authorities and forensic specialists to identify the culprit and retrieve the funds. Also, Harmony increased its security measures.
"We have migrated the Ethereum side of the Horizon bridge to a 4 to 5 multisig since the incident" Harmony founder Stephen tweeted, which means that at least four of five separate private keys will be needed to sign and authorize transactions. "We will continue taking steps to further harden our operations and infrastructure security."
6/ All stolen assets were swapped to ETH and currently reside on the hacker's accounts on the Ethereum network. The hacker has not taken steps to anonymize ownership of these assets.— stephen tse s.one stse.eth (@stse) June 26, 2022