The DeFi world was shaken by a sophisticated exploit targeting the Heco chain bridge, resulting in a loss of $87 million. The attack didn’t stop there; HTX’s hot wallets were also compromised, leading to an additional $12 million theft.
Inside The Attack
The initial breach was identified when a staggering $87 million was siphoned off through the Heco chain bridge. A closer inspection of the blockchain revealed the trail of stolen funds across multiple addresses:
The attack was carried out by transferring assets to externally owned accounts (EOAs) and swapping them for Ethereum (ETH).
HTX, also a victim, lost about $12 million from its hot wallets. In an attempt to secure what was left, the HTX team transferred all the funds from some of their hot wallets to a Huobi Recovery address, 0x18709e89bd403f470088abdacebe86cc60dda12e.
Additional addresses linked to the stolen funds are as follows:
The common denominator in these breaches appears to be compromised private keys, echoing the vulnerability that led to a previous $125 million hack on another of Justin Sun’s ventures, the Poloniex exchange. Justin Sun has assured the community that HTX will fully compensate for the losses and that an investigation is underway to uncover the specific causes of the exploit.
The recurrence of such high-profile attacks suggests that the robustness of private key management and operational security needs to be re-evaluated. The repeated nature of these incidents on Justin Sun’s platforms suggests a potential systemic issue that needs to be addressed.
Moreover, these incidents serve as a critical reminder about the essential role of wallet security. Ensuring the safety of wallets through continuous real-time monitoring, quick action in response to any suspicious activity, thorough security checks, and strict adherence to the best practices for handling private keys is paramount to protecting assets in the DeFi ecosystem.
Follow @hackenclub on 𝕏 (Twitter)
The Heco chain bridge and HTX exploits are sobering reminders of the potential risks in the DeFi space. These incidents reinforce the need for the Web3 community to adopt a security-first mindset. As we await the findings of the ongoing investigations, the responsibility lies with every stakeholder in the ecosystem to bolster their defenses, anticipate breach attempts, and fortify the trust in the technology that underpins the future of finance.