Hacker begins laundering funds from $100 million Harmony bridge attack

Quick Take

  • The hacker is in the process of laundering about a fifth of the $100 million stolen from Harmony’s Horizon bridge.
  • Harmony has offered a $1 million bounty for the return of the stolen funds.

The hacker responsible for stealing $100 million from Horizon, a cross-chain bridge tied to the Harmony blockchain protocol, has begun laundering the funds, according to reports by PeckShield.

Data from Etherscan show the wallet used by the hacker in the attack sent out about 18,000 ETH ($21 million) to another wallet. The hacker used this other wallet to disburse the funds to three other addresses, sending about 6,000 ETH ($7 million each).

The first intermediary address has already laundered the funds received via Tornado Cash, a coin mixing service. The second wallet is in the process of doing so in batches of 100 ETH ($116,000) while the third wallet still has the 6,000 ETH in it as of the time of publishing.

These fund transfers come even as Harmony offered a $1 million bounty for the return of the stolen funds. The blockchain project has even offered to waive any law enforcement action should the hacker return the stolen crypto assets.

The hacker’s wallet still holds over $80 million in ETH tokens as well as about $65,000 worth of other tokens stolen during the bridge exploit as of press time.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Thursday’s Horizon bridge attack saw the theft of more than 85,000 ETH worth $98 million at the time. Security experts like Mudit Gupta, the chief information security officer at Polygon, say the hack happened because the bridge’s multi-signature wallet was compromised, as previously reported by The Block.

Muti-signature wallets work by having a smart contract with several private keys controlling the use of the wallet. The smart contract usually includes a provision for the minimum number of keys required to approve a transaction. As such, these keys are shared among different persons with the logic being that the decentralized approval process will make it harder for malicious actors to break into the wallet.

There is, however, the problem of setting a low minimum number of keys to approve transactions. This was reportedly the case in the Horizon attack. According to Gupta, the bridge was set to a “2 of 5 multi-sig.” This means the hacker only needed to compromise two of the keys to steal the funds.

A similar situation also led to the Ronin bridge hack in March, when the hackers stole about $600 million worth of crypto. The Roin attacker — later identified by the US government as the North Korea-tied hacking group Lazarus — compromised five out of the nine validators used by the bridge protocol.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Osato is a news reporter at The Block as part of the crypto ecosystems team that focuses on DAO governance, staking, blockchain layers, and DeFi. He was previously a news reporter at Cointelegraph. Based in Lagos, Nigeria, he enjoys crosswords, poker, and attempting to beat his Scrabble high score. Follow him on Twitter at @OsatoNomayo.