The hacker responsible for stealing $100 million from Horizon, a cross-chain bridge linked to the Harmony blockchain system, has begun laundering the cash.
According to Etherscan data, the hacker’s wallet transmitted around 18,000 ETH ($21 million) to another wallet. The hacker sent around 6,000 ETH ($7 million) to three more addresses using this other wallet.
The cash acquired via Tornado Cash, a coin mixing service, have already been laundered by the first intermediary address. The second wallet is doing so in batches of 100 ETH ($116,000), whilst the third wallet still contains the 6,000 ETH as of the time of publication.
These fund transfers occur despite Harmony’s promise of a $1 million reward for the return of the stolen funds. The blockchain initiative has even promised to waive any legal action if the hacker returns the stolen cryptocurrency assets.
As of press time, the hacker’s wallet still contained over $80 million in ETH tokens, as well as over $65,000 in other tokens taken during the bridge exploit.
During Thursday’s Horizon bridge hack, more than 85,000 ETH worth $98 million were stolen. According to security experts such as Mudit Gupta, chief information security officer at Polygon, the hack occurred because the bridge’s multi-signature wallet was hijacked.
A smart contract with many private keys controls the use of the wallet in multi-signature wallets. A provision for the minimum number of keys required to approve a transaction is frequently included in the smart contract. As a result, these keys are distributed among several individuals, with the idea being that the decentralized approval process will make it more difficult for hostile actors to compromise the wallet.
However, there remains the issue of requiring a small number of keys to approve transactions. According to reports, this was the case in the Horizon attack. The bridge was set to a “2 of 5 multi-sig,” according to Gupta. To take the monies, the hacker only needed to breach two of the keys.
A similar issue led to the Ronin bridge hack in March, when hackers took over $600 million in cryptocurrency. The Roin attacker, later identified by the US government as the North Korean-linked hacker outfit Lazarus, hacked five of the bridge protocol’s nine validators.