The exploiter appears to have declined the $1 million bounty offered by the Harmony team in exchange for the return of the $100 million stolen from the Horizon Bridge token bridge.
The movement of cash from Harmony’s Horizon Bridge into the Tornado Cash Ethererum mixer indicates that the attacker will not accept the $1 million prize.
The choice to conceal the illicit earnings addresses the question of whether the Harmony team’s offer of 1% of the $100 million in crypto money taken on June 24 would be sufficient to encourage the exploiter to return the cash.
At 3:10 a.m. on June 28, 18,036.3 ETH worth about $21 million was moved out of the primary wallet of the Horizon Bridge exploiter. The funds were subsequently divided equally and transmitted to three distinct addresses in separate transactions over the course of 10 hours.
Tornado Cash permits mixing a maximum of 100 ETH per transaction, therefore large sums can take several hours to process. Mixing ETH is a privacy mechanism that obscures the transaction path of funds so that they cannot be tracked back to earlier transactions.
The first and second wallets that got ETH from the primary wallet of the exploiter have completed mixing the funds and are now left with approximately 16.3 ETH, an amount that is likely too tiny to worry with.
At the time of writing, the third wallet was delivering 100 ETH to Tornado at eight-minute intervals and still had 2,800 coins remaining.
The project’s Twitter account reiterated on June 27 that the team was investigating the hack alongside the Federal Bureau of Investigation and “two highly recognised blockchain tracing and analysis partners.”
About $80 million worth of ETH remains in the principal wallet of the explorer. They could refund a portion of the stolen funds to Horizon, or they could be taking a break, as it took the exploiter more than 13 hours to mix $21 million.
Despite the first haul being worth approximately $100 million at the time, favourable ETH price swings have improved its value to $101.5 million.
Stephen Tse, the founder of Harmony, revealed on June 25 that the exploiter acquired control of the two Horizon Bridge signees required for the multisig address used to secure funds. He emphasised that the vulnerable Ethereum side of the bridge was relocated to a more secure multisig wallet requiring four signatories.
Horizon is the most recent of an increasing number of token bridges to be attacked. Poly Network was the largest token bridge to be compromised in 2021, losing $610 million that was almost totally recovered.
In 2022, more over $1 billion has been illicitly removed from the Meter, Wormhole, Ronin, and now the Horizon token bridges.
