A few hours ago the Heco Bridge infrastructure and the HTX exchange were drained in a hack worth a combined $110 million in crypto.
The two entities involved are structurally linked to each other: in fact, Heco Bridge represents the bridge that users can use to transfer assets to the Heco chain, which was created precisely by HTX.
The hacks, although at first glance they appear to belong to two different attacks, are actually the work of the same malicious party given the similarity of the exploit technique.
The HTX exchange, as a precaution has temporarily suspended withdrawals from its platform.
See all the details below.
Summary
Heco Bridge and the HTX crypto exchange fell victim to a $110 million hack
The Heco Bridge infrastructure, the main asset transfer bridge for the HECO blockchain, and the FTX crypto exchange have been compromised by a heavy hack.
According to initial estimates, about 10.145 ETH were taken away on the bridge alone, in addition to a large number of other cryptos including USDT, HBTC, SHIB, UNI, USDC, LINK, and TUSD, totaling $86.84 million.
The stolen USDTs were immediately swapped for ETH in order to avoid an asset freeze by Tether, while the other coins were dispersed (and sometimes also converted to ETH) across multiple addresses.
This is the wallet reference to which all funds were initially transferred.
The first to notice the exploit and share the unfortunate event to the crypto community on X were Wintermute research chief Igor Igamberdiev and blockchain analysts PeckShield.
The latter cybersecurity firm pointed out that it was an operator, about whom little or nothing is yet known, who was compressed, and that the hack could be traceable with that of the Poloniex exchange, which was hacked for another 125 million a few days ago.
Both Poloniex and Heco Chain represent products in the hands of multibillionaire Justin Sun, who by the way also runs the other exchange HTX, which was also drained by the hack today.
Specifically on HTX, a $23.4 million crypto exploit was revealed, likely run by the same Heco bridge hacker given the operational similarities of the two attacks.
Among other things, the outgoing transactions from the exchange in question were executed within minutes of those from the bridge.
Arkham Intelligence reported that HTX stopped processing withdrawals around 12:30 PM. Italian time today in order to prevent further unwanted capital leaks.
Justin Sun’s response came a short while ago, reassuring its clients that the exchange platform’s assets are now safe and that all stolen funds will be fully compensated by HTX itself.
Considering both today’s hacks and that of the Poloniex exchange, the sum stolen amounts to $235 million.
This is a paltry sum for the finances of Justin Sun, who represents one of the richest crypto entrepreneurs on the planet, and will certainly not ruin his reputation within the crypto industry.
At the same time, the 3 exploits, which occurred just a short time apart, highlight a major underlying problem in the management of cryptocurrencies by companies such as those mentioned above, which still struggle to run such dynamic businesses without crossing security problems.
Fourth quarter of the year very profitable for cryptocurrency hackers
The theft against the Heco Bridge and the HTX exchange brings back to the forefront the topic of crypto hacks, which during the first three quarters of 2023 had been much less violent and frequent than during the previous year when exploits worth more than $3.1 billion were recorded.
In Q4 2023, however, this activity seems to have come back into fashion, reaching over $500 million for cybercriminals.
In addition to the 3 cases mentioned just now, the database attack against the Mixin network, which allowed hackers to steal about $200 million, is also noteworthy.
It is clear that with the evolution of the cryptographic landscape and the proliferation of new stimuli and technologies, more and more malicious actors are finding the pretext to be able to rob entire ecosystems, going on to damage both their reputations and finances.
Especially when it comes to bridges and interoperability platforms, hacks become more and more frequent given the youthfulness of this type of infrastructure and the difficulty they encounter in being able to connect different blockchains together.
These so-called “points of failure” represent a problem that needs to be addressed as soon as possible by the crypto community, which can no longer do without cross-chain transactions but at the same time must defend itself against this growing threat.
Today fortunately for us we can count on Justin Sun to cover all user losses by drawing on his personal wealth, but in the future it could be a company not chaired by a crypto mogul that is affected.
As blockchain applications evolve it will be necessary to resort to increasingly complex and articulated security measures to run for cover from crypto hacks, or else the mass adoption of this technology will slow down.
Of course, we are still in the early days of the mainstream expansion of distributed computing systems hence it is normal for there to be hitches like these.
The hope, at any rate, is that we may soon be able to leave this behind and embrace a new era of robustness, impenetrability, and utopian honesty.
