HTX Exchange Suffers $7.9 Million Security Breach Due to Private Key Leak

Summary

On September 24, 2023, HTX, a global custodial crypto exchange, formerly Huobi Global, experienced a security breach due to a private key leak. The attacker exploited this vulnerability and extracted approximately $7.9 million worth of ETH (4,999 ETH) from the hot wallet of the exchange. After HTX identified the attacker and demanded the return of the funds, the hacker returned the stolen assets on October 7, 2023, and received a “white hat bonus” of 250 ETH, equivalent to $408,666.

Attackers

The identity of the attacker remains unknown. The following Ethereum addresses were used to transfer the funds:

Losses

HTX Exchange initially lost around $7,902,519 (4,999 ETH) from its hot wallet. The funds were later returned by the attacker.

Timeline

  • September 24, 2023, 10:00 AM UTC: The attack commenced, and the attacker transferred 4,999 ETH from the HTX hot wallet.
  • September 25, 2023, 10:08 AM UTC: An address labeled Huobi Recovery sent an on-chain message to the attacker:

    We have identified your true identity. Please return the funds to 0x18709E89BD403F470088aBDAcEbE86CC60dda12e. We will offer you a 5% white hat bonus. This offer is valid for 7 days, until October 2, 2023. If you have not returned the funds by then, we will involve law enforcement.

  • October 7, 2023, 01:29 PM UTC: The attacker returned 1,000.9 ETH.
  • October 7, 2023, 01:34 PM UTC: The attacker returned 3,997.9 ETH with the following on-chain message:

    Received your message.white hat bonus to 0x1Fc8674A51D6b97C968BE384337519CE7003152B .your system hot wallet private key leak, you should change system hot wallet address and reduce the system hot wallet rate.

  • October 7, 2023, 03:54 PM UTC: HTX sent a 250 ETH white hat bounty to the attacker and asked them to submit a vulnerability analysis, stating that their privacy would be protected.

Security Failure Causes

Private Key Leak: The security breach occurred due to a private key leak from the HTX hot wallet. The attacker later advised HTX to change the system hot wallet address and reduce the system hot wallet rate.