On Nov 22, 2023, the HECO Bridge was exploited for ~$87 million due to a suspected private key compromise.
Additionally, ~$12 million was stolen from HTX’s hot wallets.
To avoid further losses, the HTX team moved funds from some of their hot wallets to a Huobi Recovery address, 0x18709e89bd403f470088abdacebe86cc60dda12e.
This secondary attack brought the estimated loss to over $99 million.
Hack Txn: https://etherscan.io/tx/0xbb6fe88427c2f3bc179075109d47a805dcfedab0e475eaca0d979311873e131b
Exploiter Address: 0xfc146d1caf6ba1d1ce6dcb5b35dcbf895f50b0c4
Stolen Funds Parking Address: 0xe47e6dA16Bb83EB0FD26b3F29b15CE8Fab089B9e ($63 million)
Details of the Attack
The attacker targeted the HECO Bridge, stealing a substantial amount of cryptocurrencies.
The total value of the stolen assets amounts to approximately $86.6 million, encompassing diverse cryptocurrencies:
- 346,994 TUSD
- 42,399 LINK
- 619,000 USDC
- 173,200 UNI
- 346.9M SHIB
- 489 HBTC
- 42M USDT
- 10,145 ETH
The attack was executed by transferring these assets to various externally owned accounts (EOAs) before swapping them for Ethereum.
Stolen Funds Details
The stolen funds are currently held at the following addresses:
The initial analysis points towards a compromised operator as the potential cause, especially considering the suspicious withdrawal of 10,145 ETH (valued at around $19 million) initiated by an operator.
Previous Hacks of HTX Exchange
This is not the first time this year that HTX has been exploited by malicious hackers. In Sep 2023, HTX lost $8M worth of ether.
In that attack, one of HTX’s hot wallets was hacked. The wallet had received massive deposits (around $500 million) from Binance since it was created in March 2023.