PeckShield revealed that over $86.6 million in digital assets were moved from the HECO Chain bridge to addresses raising suspicion. The blockchain security firm said the bridge was compromised, and the transaction was initiated by the operator, indicating a potentially compromised operator.
The latest breach is the second recent incident tied to Justin Sun’s projects.
HTX, HECO Bridge Compromised
Tron Founder Justin Sun confirmed the attack on the HTX and HECO cross-chain bridge and assured the community that the crypto exchange would fully reimburse users for any losses resulting from the breach.
As a response to the investigation, the exchange has temporarily halted deposits and withdrawals. Sun added that the services would resume once the investigation is concluded.
The exec also said the funds in HTX are secure, and the crypto exchange plans to reimburse the losses from its hot wallet.
“HTX and Heco Cross-Chain Bridge Undergo Hacker Attack. HTX Will Fully Compensate for HTX’s hot wallet Losses. Deposits and Withdrawals Temporarily Suspended. All Funds in HTX Are Secure, and the Community Can Rest Assured. We are investigating the specific reasons for the hacker attack. Once we complete the investigation and identify the cause, we will resume services.”
The suspicious transactions were first flagged by PeckShield, which issued an alert highlighting the transfer of 10,145 Ether, valued at approximately $19 million, was moved from the bridge. Subsequent transactions ensued, involving the transfer of various digital assets like USDC, Chainlink, Shiba Inu, and others to different addresses.
Note the tx is initiated by the operator. Looks like a compromised operator? pic.com/th4Ui0FO3A
— PeckShieldAlert (@PeckShieldAlert) November 22, 2023
Second Exploit in Projects Involving Justin Sun
HTX Eco Chain (HECO) was formally launched on December 21, 2020, and boasted high performance, low gas fees, better cross-chain user experience, etc.
This initiative resulted from the merger of Tron and BitTorrent’s bridge ecosystem, with Sun uniting both ecosystems into HECO in October 2022. The Tron Heco merge was a long-term effort from the developers that aligned with the broader goal of linking numerous blockchain networks.
Meanwhile, the recent breach on the HECO Chain marks the second exploit involving a project associated with Sun. On November 10, Poloniex, an exchange acquired by Sun in 2018, suffered a $125 million exploit. Security analysts suspect that the incident may have stemmed from the compromise of private keys.
Last week, Poloniex reported substantial progress in restoration and disclosed teaming up with a leading security auditing firm in the industry.