The hackers responsible for stealing $100 million in altcoins from Harmony Protocol's Horizon bridge have begun to launder the funds, according to PeckShield.

The hackers sent three transactions from the address used in the June 23rd hack totaling around 30K ETH (around $36 million) to the mixing service Tornado Cash, with $64 million still in the hacker's Ethereum wallet, according to blockchain analysis by the blockchain security company.


Harmony is a layer-1 proof-of-stake blockchain launched in 2019. Its Horizon bridge allows users to send cryptocurrencies between blockchains like Harmony's network and Ethereum, Binance Chain, and Bitcoin.

Crypto mixing services allow users to conceal the origins of their cryptocurrencies by pooling significant amounts of coins in a single pool and “mixing” them, a process commonly used to launder illicitly acquired tokens.

In Thursday’s hack, $100 million in Wrapped Ethereum (WETH), AAVE, SUSHI, DAI, Tether (USDT), and USD Coin (USDC) were stolen and then swapped for Ethereum. Though initially reported as an exploit of the Harmony protocol, the company has since declared that it has "found no evidence in any breaches of our smart contract codes nor vulnerabilities on the Horizon platform."

The Harmony Protocol hack is the latest in multimillion-dollar thefts targeting DeFi protocols. In March, hackers linked to North Korea stole $622 million from Axie Infinity's Ethereum sidechain, Ronin.


On Saturday, Harmony Protocol offered a $1 million bounty for the return of the bridge funds, saying on Twitter that the company would not advocate for criminal charges if the funds were returned. With today's transfers, the offer appears to have been rejected.

After the hack, Harmony assured its users that the theft did not impact its BTC bridge and that the company was working with national authorities and forensic specialists to identify the culprit and retrieve the funds. In addition, Harmony increased its security measures.

“We have migrated the Ethereum side of the Horizon bridge to a 4-of-5 multisig since the incident,” Harmony founder Stephen Tse tweeted, which means that at least four of five separate private keys will be needed to sign and authorize transactions. “We will continue taking steps to further harden our operations and infrastructure security.”

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.