Harmony Hacker Is Using Tornado Cash To Launder Stolen $100 Million

Harmony

According to a PeckShield report, The Harmony attacker has already mixed more than $12 million through the protocol, and they’re sending 100 ETH to Tornado Cash every six minutes.

On Thursday morning, the proof of stake blockchain “Harmony” disclosed that $100 million worth of cryptocurrency had been stolen from its Horizon bridge.

Related reading | Breaking: FTX Exploring Ways To Purchase Robinhood

Harmony posted a tweet on June 23 stating that:

The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM.

Later, they blogged about the incidents. Harmony said that their Horizon Ethereum Bridge was a victim of a “malicious attack.”

According to the blog post, the attacker was able to access and decrypt some of the keys used in fraudulent transactions and seizures of assets in the form of BUSB, USDC, ETH, and WBTC. The attacker then converted all assets to ETH.

The Horizon bridge was used to steal over $100 million in different tokens, including FRAX, FXS, wETH, WBTC, AAVE, SUSHI, USDT, and BUSD. These tokens were exchanged for ETH on Uniswap.

Bitcoin is currently trading at $20,565  on one day chart | BTC/USD price chart from Tradingview.com

Stephen Tse, CEO of Harmony, tweeted on June 25 that:

No evidence of smart contract code breach. No evidence of any vulnerability on the Horizon platform was found. Our consensus layer of the Harmony blockchain remains secure.

 Use Of Tornado Cash To Transmit The Harmony’s Amount

According to data from Etherscan, the hacker’s wallet used in the attack transferred around 18,000 ETH ($21 million) to a secondary wallet. And then, the hacker sent around 6,000 ETH ($7 million) to three different addresses using this secondary wallet. 

Two of these wallets transferred ETH to a Tornado Cash router. Harmony offered a $1 million bounty two days ago to get the stolen funds back, but it doesn’t seem like that was enough. The transfer still happened. Adding that, Harmony said they won’t support criminal charges if the people who stole the funds help get them back.

Crypto hackers prefer to cash out using Tornado Cash because this protocol makes it hard to trace wallet-to-wallet transfers. However, users can employ zero-knowledge technology to remove the linkages tying together their on-chain transactions with the aid of the Ethereum protocol Tornado Cash.

Related reading | The Metric That Says A Further 50% Drawdown For Ethereum Is Possible

In one of the biggest cryptocurrency attacks in history, North Korean government hackers stole more than $600 million in Ethereum from the popular play-to-earn game Axie Infinity in March. They sent a portion of the proceeds to an account on Tornado Cash.

After that, Tornado Cash became incredibly more popular among cryptocurrency stealers. The Meter, Wormhole, Ronin, and now Horizon token bridges have been exploited for more than $1 billion in 2022 through illicit methods.

                Featured image from Flickr and Chart from TradingView.com
Exit mobile version