Coordinated Attacks Result in $113.3 Million in Losses for Heco Bridge and HTX Exchange

Coordinated Attacks Result in $113.3 Million in Losses for Heco Bridge and HTX Exchange

November 23, 2023
Attack Types: 
Private Key Leak
Entity Types: 
Custodian ,DeFi ,Exchange ,Bridge
Target Entities: 
Heco Bridge ,HTX

Summary #

On November 22, 2023, Heco Bridge and HTX Exchange were victims of cyberattacks, resulting in over $113.3 million in losses. The attacks appear coordinated and carried out by the same attacker based on similar exploitative techniques and the connection between the two targets. Blockchain security firms CertiK, Peckshield, and Cyvers have reported over $86.6 million in digital assets losses for Heco Bridge and $13.6 million in losses for HTX. All of which were distributed over eight wallets. Additionally, CertiK noted several transactions taking place simultaneously on TRON, totaling $12.6 million, putting their reported total over $113.3 million.

Attackers #

The attacker has yet to be identified but used 0xe47e6dA16Bb83EB0FD26b3F29b15CE8Fab089B9e address to transfer some of the drained funds.

Losses #

According to CertiK, the following withdraws took place:

Heco Bridge:

  • $10,145 in ETH
  • $42,110,000 in USDT
  • $489 in HBTC
  • $346,867,120,000 in SHIBA INU
  • $173,200 in UNI
  • $619,000 in USDC
  • $42,399 in LINK
  • $346,994 in TUSD

HTX:

  • $1,240 in ETH
  • $7,330,600 in USDT
  • $1,780,000 in USDC
  • $61,250 in LINK
  • $2,195,836 in ARIX
  • $4,254,541 in KOK

Timeline #

  • November 22, 2023, 10:06 AM UTC: Initial funds transfer wallet transaction.
  • November 22, 2023 at 11:23 AM UTC: In an X post, PeakShield announces a Heco Bridge withdrawal of 10,145 ETH.
  • November 22, 2023 at 12:34 PM UTC: Justin Sun announces the attack in an X post. He states all withdrawals and deposits have been temporarily [suspended],( https://twitter.com/justinsuntron/status/1727304656622326180) and HTX will compensate for the losses from its hot wallet.
  • November 24, 2023 at 02:55 PM UTC: Justin Sun announces in an X post an airdrop will be initiated for user assets.
  • December 4, 2023: Postmortem Analysis is posted on Medium by Olympix.

Security Failure Causes #

  • Insecure Management of Private Keys: Lapses in safeguarding private keys allowed attackers to gain control over critical wallets.
  • Insufficient Anomaly Detection: A lack of mechanisms to detect unusual transaction patterns early.
  • Failure in Multi-Signature Security: If not implemented, could have prevented unauthorized transactions even if a key was compromised.
Calendar July 12, 2024
Edit Edit this page