The Harmony attacker is sending 100 ETH to the Tornado Cash router every six minutes and has already mixed more than $12 million through the protocol.
The Harmony attacker is starting to send their tokens through Tornado Cash.
As shown by Etherscan, the wallet responsible for last week’s Harmony exploit sent a little more than 18,036 ETH (a sum worth north of $21 million at today’s prices) to a secondary wallet. That secondary wallet then evenly split the sum between three tertiary wallets; at the time of writing, two of these tertiaries have sent ETH to a Tornado Cash router.
That sum is now being routed through Tornado Cash in installments of 100 ETH. At the time of writing 10,409 ETH (more than $12 million) had already been mixed in the privacy-enabling protocol. New 100 ETH transactions are happening approximately every six minutes.
Tornado Cash is an Ethereum protocol that leverages zero-knowledge technology to allow users to break the links in their on-chain activity. If used correctly, the protocol makes it impossible to track down transactions from one wallet to another.
The protocol has been used by hackers in the past to cash in on their ill-acquired gains. Data from Nansen indicates that the Harmony exploiter, while having only sent about 12% of their loot to Tornado Cash, is already the fifth-biggest malicious user of the protocol (behind the Ronin, Fei, Beanstalk, and Parity exploiters).
Two days ago Harmony had offered the Horizon bridge hacker a $1 million bounty for returning the stolen funds, with the promise of not advocating for criminal charges if they chose to cooperate. Other protocols have paid out even greater bounties in the past, with Aurora recently rewarding a white-hat hacker $6 million for detecting a possible exploit and notifying the team about it.