Harmony Protocol Hacker Starts Moving $100M Stolen Funds to Tornado

Following last week’s attack on the Harmony Protocol that resulted in the loss of $100 million, the exploiter has started to move the stolen funds.

Harmony Hacker Moves $22 Million 

The exploit on the Horizen bridge, a channel that connects the Harmony network to leading blockchains Bitcoin, Ethereum, and Binance Chain, occurred when two addresses in a 2-5 multi-sig wallet used by Harmony got hacked with the attacker carting away $100 million worth of assets. 

The hacker began transferring the stolen funds on Monday. At the time of writing, more than 18,000 ETH worth about $22 million has been moved from the exploited wallet. The attacker initially distributed over 6000 ETH of the stolen funds across three different wallet addresses, then moved them from the secondary wallet into groups of 100 ETH. 

All the transferred funds were sent to Tornado Cash, a private transaction channel that makes it difficult for the funds to be traced. The hacker appears to be following the steps of the exploiters behind the Ronin Network attack, which occurred in March. Recall that Coinfomania reported in April that the U.S. Treasury Department tied Ronin’s exploit to the infamous North Korean hacking group with the pseudonym, Lazarus.

Harmony Involves FBI

The project team noted that it has joined forces with officials such as the Federal Bureau of Investigation (FBI) and investigation teams to look into the exploit.

1/ We are aware the hacker has begun to move funds through Tornado Cash. The team is working with two highly reputable blockchain tracing and analysis partners, and collaborating with the FBI as part of an investigation into this criminal act. ????

— Harmony ???? (@harmonyprotocol) June 28, 2022

On Monday, the team declared a one million bounty for the return of stolen funds or the communication of vital information pertaining to the exploit. The team added:

“Harmony will advocate for no criminal charges when funds are returned.”

Meanwhile, the project’s native token $ONE has reacted to the recent hack. After seeing a slight 5% decrease shortly after the attack, the token currently seats at a trading price of $0.0207, representing about a 30% decrease since the exploit.

DeFi Hacks on the Rise

In recent times, more decentralized finance (DeFi) projects have become exploit victims. Earlier this month, DeFi lending platform Inverse Finance fell victim to an attack, leading to a loss of $1.2 million, making it the second exploit this year.

According to an April report, it was revealed that the DeFi project Fei protocol was exploited, resulting in a loss of more than $80 million to bad actors.