Cryptocurrency exchange HTX (formerly Huobi) has disclosed the recovery of the crypto funds stolen by a hacker in late September. The crypto company has also honored its 5% white hat bonus offer to the hacker after reclaiming the looted funds.
On September 25, the HTX exchange succumbed to a vulnerability, and 5,000 ETH were drained from one of its hot wallets. Following this exploit, the crypto company contacted the attacker and claimed it had confirmed their identity.
At the time, HTX requested the return of the stolen funds and offered the attacker a 5% white hat bonus. However, this offer came with an ultimatum of seven days, which elapsed on October 2, 2023.
HTX Pays Hacker 250 ETH White Hat Reward
On Saturday, October 7, HTX adviser Justin Sun confirmed, via a post on X (formerly Twitter), that the exchange had received all of the funds stolen by the hacker. In this post, Sun stated that the hacker had been paid a white hat reward of 250 ETH (about $410,000), as initially promised.
Sun added:
Strengthening blockchain security and protecting user assets is never an easy task, and we have been working tirelessly! Providing full security for user assets is always our goal to strive for! We are thankful for the continued support of our users and community!
We have confirmed that the hacker has fully returned all funds, as promised, and we have also paid the hacker a white hat bonus of 250 ETH. The hacker made the right choice. We would like to express our gratitude to everyone in the industry for their help! https://t.co/SwY49A25h2
— H.E. Justin Sun 孙宇晨 (@justinsuntron) October 7, 2023
Interestingly, the HTX hacker left a message via one of the recovery transactions. It is believed that the attacker was trying to tell the crypto exchange how they managed to drain one of its hot wallets and how to avoid future occurrences.
The attacker said:
Your system hot wallet private key leak, you should change system hot wallet address and reduce the system hot wallet rate.
Meanwhile, HTX sent its own message alongside the 250 ETH white hat bounty. “You have made the right choice. Please submit a security vulnerability analysis report to the email so that we can avoid similar incidents in the future. Your privacy will be protected,” the on-chain text read.
$330 Million Lost To Crypto Exploits In September
September wasn’t a good month for the cryptocurrency industry, especially regarding security. Although the recent asset recovery by HTX offers some relief, the amount recovered pales in comparison to the total value of crypto lost to hacks and exploits in the past month.
According to data from blockchain security firm CertiK, around $332 million in crypto assets were stolen via exploits, exit scams, and flash loan attacks in September 2023. Exploits specifically accounted for over 98% of this figure ($329.8 million), while less than $2.5 million was lost to rug pulls and flash loan attacks.
Combining all the incidents in September we’ve confirmed ~$332M lost to exploits, hacks and scams.
Exit scams were ~$1.9M
Flash loans were ~$0.4M
Exploits were ~$329.8M
See more details below pic.twitter.com/DMFN9LWU8V
— CertiK Alert (@CertiKAlert) September 30, 2023
Notably, crypto exchange CoinEx Global fell victim to an exploit, resulting in the loss of nearly $70 million in crypto assets. A few weeks later, Mixin Network suffered the most significant attack in September, with $200 million drained from the decentralized finance protocol.
Like HTX, Mixin Network adopted the strategy of offering a bug bounty award ($20 million) in exchange for the hacker returning the stolen goods.