Data shared by blockchain security platform PeckShield shows that more than $86.6 million in digital assets were transferred from the HECO Chain bridge to suspicious addresses. The security firm suggests that the bridge is compromised and an exploit is ongoing.
In response to the incident, Tron founder Justin Sun announced that HTX will fully compensate users for any losses incurred in the hack. The company has also temporarily suspended deposits and withdrawals as they investigate the incident. The executive said services will resume after the investigation is completed.
HTX and Heco Cross-Chain Bridge Undergo Hacker Attack. HTX Will Fully Compensate for HTX's hot wallet Losses. Deposits and Withdrawals Temporarily Suspended. All Funds in HTX Are Secure, and the Community Can Rest Assured. We are investigating the specific reasons for the hacker…
— H.E. Justin Sun 孙宇晨 (@justinsuntron) November 22, 2023
Initially, PeckShield published an alert pointing out a transaction where 10,145 Ether (ETH), worth around $19 million, was transferred from the bridge. Several other transactions followed, with digital assets like USD Coin (USDC), Chainlink (LINK), Shiba INU (SHIB) and more, were transferred to other addresses.
#PeckShieldAlert Suspicious huge withdrawal of 10,145 $ETH (~$19m) from #Heco_Bridge. @justinsuntron
— PeckShieldAlert (@PeckShieldAlert) November 22, 2023
Note the tx is initiated by the operator. Looks like a compromised operator?https://t.co/thBVveuL6X pic.twitter.com/th4Ui0FO3A
HTX Eco Chain, or HECO, was officially launched on Dec. 21, 2020, to provide a cross-chain experience with lower gas fees. The project was a merger between Tron and BitTorrent’s bridge ecosystem, with Sun combining both ecosystems into HECO in 2022.
Related: Poloniex says hacker’s identity is confirmed, offers last bounty at $10M
The recent HECO Chain hack is the second recent exploit of a project related to Sun. On Nov. 10, an exchange acquired by Sun in 2018, Poloniex, suffered a $100 million exploit. Security analysts believe that the incident may have resulted from compromised private keys.
Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story