Shortly after the November 10th hack of the Poloniex cryptocurrency exchange, backed by Tron’s founder Justin Sun, the community was shocked by a new attack on another of Sun’s exchange platforms, HTX (formerly Huobi), as well as Heco Bridge.
Web3 security firm CertiK was one of the first to detect the suspicious movement of funds on November 22. Yesterday, CertiK’s team published a detailed analysis of the incident, in which it claims that the second security breach in a month announced by Sun resulted from the compromise of the bridge’s operator wallet.
The attacker used the Heco Bridge Operator address, 0x3d655889D197125fb90dcB72e4a287A8410ED1B9, to call the withdrawToken function, which can only be accessed by the operator. They then withdrew a substantial amount of assets, including 10,145 ETH, 42,110,000 USDT, 489 HBTC, 346,867,120,000 SHIBA INU, 173,200 UNI, 619,000 USDC, 42,399 LINK, and 346,994 TUSD, totaling approximately $87 million.
Meanwhile, HTX hot wallets on Ethereum experienced suspicious movements involving 1,240 ETH, 7,330,600 USDT, 1,780,000 USDC, 61,250 LINK, 2,195,836 ARIX, and 4,254,541 KOK, amounting to $13.6 million in stolen funds.
Malicious activity was also detected on TRON, where transfers included 500,000 TRX, 10.3 million USDT, 2.2 million USDC, 521.7k RockDAO, and approximately 1 million BTT tokens, totaling $12.6 million.
Finally, CertiK detected that 73.797 BTC was transferred from HTX; however, the cybersecurity team emphasizes that "At the time of writing, the funds remain in the wallet and could represent additional losses; however, this is not confirmed."
Soon after the news of the attack surfaced, Sun announced HTX's plan to fully compensate for the hot wallet losses.
"Deposits and withdrawals are temporarily suspended. All funds in HTX are secure, and the community can rest assured," Sun wrote in a post.
To support the investigation of the incident, the blockchain deanonymizing platform Arkham announced a bounty of 10,000 ARKM to "help identify the person or organization behind today’s HTX and Heco Bridge attack." At press time, the reward was worth about $4,460, and the bounty program was available for another 29 hours.
The estimated financial damage from the HTX and Heco Bridge hack is quite close to the losses stemming from the attack on Poloniex, when the malicious actor stole almost $132 million. CertiK marked these incidents as the "second-largest private key compromise" it detected in 2023. Together with the rest of the private key compromises that have happened this year, the incidents have led to a total loss of over $800 million.
Some members of the crypto community assume that the notorious Lazarus group of hackers, backed by the North Korean government, is behind the recent hacks. Some X users even raised concerns that Justin Sun himself might be involved in the hacks.
"Either you are the hacker or you have some seriously lacking security measures and controls in your businesses. Either way, I would not feel confident in holding any crypto in anything you control for the time being," X user CryptoAcid voiced one of the popular opinions about the event.