HTX Exchange Faces Second Attack, Loses $13.6M in Cross-Chain Exploit

Jimmy Aki

Last Updated: 23, November 2023

Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.

Cryptocurrency exchange HTX has suffered an estimated loss of $13.6 million due to the exploitation of the HECO Chain bridge. This recent security breach follows a previous hack in September, during which the platform incurred an $8 million loss from a hot wallet breach.

Latest Exploit Stemmed From Three Compromised Hot Wallets

On November 22, the HECO Chain bridge, linking the HTX exchange (formerly Huobi) and Ethereum, fell victim to exploitation, resulting in the loss of $83.4 million in digital assets.

~$83.4M assets of #HECO Bridge were stolen.

Including:
42.11M $USDT
10,145 $ETH($20.42M)
489 $HBTC($15.63M)
346.87B $SHIB($2.75M)
173.2K $UNI($932K)
610K $USDC
42,399 $LINK($600K)
347K $TUSD

All stolen assets were exchanged for $ETH, for a total of 41,434 $ETH($83.4M). pic.twitter.com/3lj5QkzX9f

— Lookonchain (@lookonchain) November 22, 2023

Lookchain, a reputable blockchain security firm, identified the movement of 42.11 million USDT, 10,145 ETH, and a wrapped version of Bitcoin (HBTC) from the bridge to a previously unused Ethereum wallet.

All stolen assets were exchanged for ETH, totaling 42,434 tokens valued at $83.4 million. Consequently, HTX suffered an estimated loss of $13.6 million as part of the $83.4M HECO Chain bridge exploits.

Blockchain forensics firm CyversAlert was the first to detect multiple suspicious transactions on a single hot wallet, leading to the compromise of funds, including ETH and USDT, amounting to a combined $12.4 million.

🚨Red Code🚨Hey @HTX_Global, Our AI powered system has detected multiple suspicious transactions from your hot wallet to https://t.co/zWCsbv1nXJ
Suspicious address has received first1,240 $ETH $2.5M from @HTX_Global's hot wallet.

Then address received $USDT $LINK and $USDC from… pic.twitter.com/E46gbHlm9v

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) November 22, 2023

However, after further investigation, the chain security platform announced that three hot wallets were exploited, with an estimated loss of $13.6 million.

🚨UPDATE🚨Currently, we have identified three hot wallets belonging to @HTX_Global that have been impacted by today's incident.

Furthermore, the hot wallet at https://t.co/baitUaGa4i is affected, containing 4.25M $KOK and 2.19M $ARIX.

The total estimated loss is $13.6M.… https://t.co/68psfCztqs pic.twitter.com/d3cNgf7CXE

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) November 22, 2023

Stolen assets included over 1,240 ETH, 7.3 million USDT, 1.78 million USD Coin, and 62,200 LINK, which was quickly converted to Ethereum.

Justin Sun, the de facto owner of HTX and founder of Tron and BitTorrent, promptly announced compensation for all losses stemming from the compromised hot wallets. He assured concerned traders and investors that all deposits and withdrawals on the exchange were temporarily suspended, emphasizing the security of all funds.

HTX and Heco Cross-Chain Bridge Undergo Hacker Attack. HTX Will Fully Compensate for HTX's hot wallet Losses. Deposits and Withdrawals Temporarily Suspended. All Funds in HTX Are Secure, and the Community Can Rest Assured. We are investigating the specific reasons for the hacker…

— H.E. Justin Sun 孙宇晨 (@justinsuntron) November 22, 2023

HTX, in collaboration with HECO Chain Bridge, has devised a strategy to recover the funds lost in the recent cyber attack. As part of this effort, they have announced a funded bounty program.

New Intel Exchange Bounty: HTX (f.k.a Huobi) / Heco Bridge Hack

We've created and funded a bounty to help identify the person or organization behind today’s @HTX_Global heco bridge attack.

Bounty Link: https://t.co/5yIOvd7V8k

Entity on Arkham: https://t.co/joU5MagNje… https://t.co/NaioZa0Hp0 pic.twitter.com/Vv8wUA4JBV

— Arkham (@ArkhamIntel) November 22, 2023

This bounty is designed to incentivize and reward individuals or organizations who successfully identify the hacker or cyber attack group responsible for the recent exploits.

A Reoccurence of HTX’s Previous Hot Wallet Attack

Prior to the rebranding from Huobi to the HTX exchange, the platform encountered a cyber attack on September 25, resulting in the exploitation of 5,000 ETH tokens valued at around $8 million.

CyberAlerts stated that the attack was successful due to the compromise of one of the exchange’s hot wallets.

🚨Red Code🚨Yesterday, our ML-powered system detected a suspicious transaction involving @HuobiGlobal and @HTX_Global.
Despite our attempts to reach out, we received no response. An EOA received 5K $ETH $7.9M from @HuobiGlobal's hot wallet.

🔍 This morning, we spotted… pic.twitter.com/3oqHhAVi8P

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 25, 2023

Sun confirmed the attack in an X update, stating that HTX has fully recovered all losses incurred and successfully resolved all issues.

HTX @HTX_Global has suffered a loss of 5,000 #Eth ($8 million USD) due to a hacker attack. HTX has fully covered the losses incurred from the attack and has successfully resolved all related issues. All user assets are #SAFU and the platform is operating completely normally.

— H.E. Justin Sun 孙宇晨 (@justinsuntron) September 25, 2023

In response, HTX promised to reward hackers with a 5% ( about $400,000) bonus if stolen funds are returned.

We are willing to offer 5% of the stolen amount (400,000 USD) as a white hat reward to encourage the hacker to return the stolen funds. If the hacker returns the funds, we will also hire them as a security white hat advisor for HTX.

— H.E. Justin Sun 孙宇晨 (@justinsuntron) September 25, 2023

These recent attacks on HTX echo similar incidents in the blockchain space. On June 24, 2022, Harmony Bridge fell victim to an attack, resulting in a $100 million drain due to the compromise of two hot wallet addresses.

Harmony Protocol's Horizon bridge was hacked and $100 million were drained earlier today.

The bridge was essentially a 2 of 5 multisig. If any 2 addresses told it to transfer funds to someone, it did.

The hacker compromised 2 addresses and made them drain the money. 🧵👇 pic.twitter.com/hv1JWDy9WQ

— Mudit Gupta (@Mudit__Gupta) June 24, 2022

Cryptocurrency market maker Wintermute also suffered bridge attacks, leading to a loss of $160 million on September 20, 2022.

#PeckShieldAlert ~$160M were stolen from @wintermute_t exploit, including ~73% of stolen funds ($118.4m) are stablecoins ($DAI, $USDT, $USDC, $USDP), 8% in $WBTC and 6% in $ETH
Etherscan shows that @wintermute_t exploiter is the 3rd largest holder of 3CRV (~$112m) pic.twitter.com/huENnFBfOm

— PeckShieldAlert (@PeckShieldAlert) September 20, 2022

These attacks exemplify the soaring threats hackers pose to chain bridges. As bridges facilitate smooth transfers of more assets, they are prone to attacks due to their lax security controls.

About Jimmy Aki PRO INVESTOR

Based in the UK, Jimmy is an economic researcher with outstanding hands-on and heads-on experience in Macroeconomic finance analysis, forecasting and planning. He has honed his skills having worked cross-continental as a finance analyst, which gives him inter-cultural experience. He currently has a strong passion for regulation and macroeconomic trends as it allows him peek under the global bonnet to see how the world works.

View all posts by Jimmy Aki