The hackers who stole $100 million in digital currencies from the Horizon bridge of the Harmony Protocol have started to launder the money, according to PeckShield.
The hackers transferred three transactions totalling roughly 30K ETH, about $36 million, to the mixing service Tornado Cash from the addresses used in the attack on June 23 while still having 64 million USD in their Ethereum wallets, according to a blockchain analysis by the blockchain security firm.
— PeckShieldAlert (@PeckShieldAlert) June 27, 2022
The culprit employs a mixing service
The investigation also shows that the Harmony attacker has already mixed more than $12 million through the protocol and is delivering 100 ETH to the Tornado Cash gateway every six minutes.
According to Etherscan, the wallet used in last week’s Harmony attack transmitted a little over 18,036 ETH, about $21 million at the current exchange rate to a secondary wallet. The currency was then divided equally among three secondary wallets; at the time of writing, two of these secondary wallets have already delivered ETH to a Tornado Cash router.
Tornado Cash is a cryptocurrency mixing service that mixes potentially traceable cryptocurrency funds with others to hide the source of the cash. Severing the on-chain connection between source and destination addresses is intended to increase transaction privacy.
When utilized properly, the protocol renders it hard to trace wallet-to-wallet transfers.
In a tweet, Harmony promised the Horizon bridge hacker a $1 million reward for returning the stolen funds and promised not to pursue legal action if they choose to cooperate. However, it appears that the hackers are reluctant to cooperate.
After the incident, Harmony reassured its users that the theft had no effect on its BTC bridge and that the company was collaborating with forensic experts and national authorities to find the culprit and recover the money.
To avoid any similar incidents in the future, Harmony has also stepped up its security procedures. They pledge to keep making efforts to further strengthen the security of their infrastructure and operational processes.