The funds that were stolen from the Horizon Bridge of Harmony were sent to the Tornado Cash Ethereum mixer by the hacker. This is a clear indication that they have no intention of accepting the bounty that Harmony was offering and are not going to return the stolen funds.
No getting the funds back
On Friday, $100 million were stolen from the Horizon Bridge and Harmony had offered a bounty of $1 million for the hacker to return the funds, which is just 1% of the total amount. The fact that the attacker has decided to obfuscate the stolen funds is a clear indication that the offer will not be accepted and is not enough for the hacker to return them.
On Tuesday, the primary wallet of the attacker of the Horizon Bridge saw activity in which about 18,036.3 Ether were transferred, which was worth $21 million at that time. In the next 10 hours, single transactions were used for sending the ill-gotten funds to three different addresses in equal amounts.
Maximum 100 ETH tokens can be mixed via Tornado Cash at a time, which means it takes several hours for mixing large sums. The mixing of the tokens was introduced as a privacy measure aimed at obfuscating the transaction trail of the tokens, so it is not possible to trace them back to older transactions.
The wallets of the exploiter
The coins in the first and second wallets that were sent from the primary wallet of the attacker have already mixed their coins and a negligible amount of 16.3 million ETH remains in the two. As for the third one, it was still sending batches of 100 ETH to Tornado Cash after every eight minutes. At the time of writing, there were still 2,800 coins remaining in the wallet.
As far as the primary wallet of the hacker is concerned, it still contains ETH tokens worth $80 million. It is possible that the attacker may decide to return some of the stolen funds to Harmony. It is also possible that the attacker may just be taking a break, as mixing just $21 million of the stolen funds had taken about 13 hours.
At the time of the hack, the haul taken by the attacker had been valued at $100 million. However, positive fluctuations in the price of Ether have increased the value of the funds to $101.5 million.
Harmony investigating the incident
On Monday Harmony’s Twitter account confirmed that they were working with the Federal Bureau of Investigation (FBI) in the US and two reputable companies specializing in blockchain tracing and analysis for investigating the hack. Harmony’s founder, Stephen Tse had disclosed on Saturday that the exploiter had taken control of the two signees of the Horizon Bridge for the multisig address.
He stated that they had now moved the affected Ethereum side to another multisig wallet that would now need four signees. Horizon is the latest token bridge to be compromised in the world of decentralized finance (DeFi).