Original | Odaily Planet Daily
Author | Nanzhi
On-chain data shows that at 18:00 today, Heco Bridge had a withdrawal operation of 10,145 ETH. According to Paidun’s monitoring, the operation was carried out by a compromised operator.
The Heco Bridge contract code interacted with by the attacker shows that the function withdrawNative used by the attacker can transfer a specified amount to a specified address, but requires a series of verification codes.
Subsequently, other assets were continuously transferred out. As of 20:05 (UTC+ 8), a total of $86.6 million worth of assets were transferred, including 42 million USDT, 489 HBTC and other assets. Paidun further stated that the "compromised operator" has been operating since October 8, 2022.
In addition to the HECO bridge, the cryptocurrency exchange HTX is expected to have other vulnerabilities, with $23.4 million in suspicious transfers, according to The Block.
At present, in addition to the transfer operation from Bridge, the attacker has only carried out a series of exchange operations, exchanging the stolen currency for 31,281 ETH. Together with the initial 10,145 ETH, the attacker holds a total of 41,426 ETH.
At around 8:30 in the evening, Justin Sun responded to the attack on the X platform: "HTX and Heco cross-chain bridge were hacked. HTX will fully compensate the HTX hot wallet for losses. Recharges and withdrawals are suspended. Please rest assured that all HTX funds are safe. We are investigating the specific cause of the hacker attack. Once we complete the investigation and find out the cause, we will resume service."
According to the monitoring of the Cyvers Alerts AI system, HTX has transferred the remaining assets to the "Houbi Recovery" address. The HTX loss disclosed by Cyvers Alerts is approximately US$12.4 million.
Poloniex 100 million stolen case still unsolved
Just 12 days ago, hundreds of millions of dollars of assets were stolen from Poloniex, owned by Justin Sun. Last Friday (November 17), Poloniex announced that it would resume deposit and withdrawal functions this week, but it has not yet been opened.
Four days ago, Justin Sun said that the actual identity of the Poloniex attacker had been clarified. Justin Sun left a message to the Poloniex attacker on the chain: "We have confirmed your identity, and the police in China, the United States and Russia have also intervened. All stolen funds have been marked for tracking and cannot be used, and the counterparties will be frozen. Return (funds) before November 25, 2023, and we will offer a $10 million white hat bounty. If it is not returned by then, police forces in multiple countries will take action."
The total amount stolen far exceeds HTX’s quarterly revenue
Last month, HTX released its third-quarter financial report, with operating income of US$24.75 million in the third quarter, far from the amount stolen.
In addition, Justin Sun announced the overall profitability of all his companies on October 26: "Actual revenue in the third quarter was US$202 million, expenditure was US$104 million, and profit was US$98 million, a month-on-month increase of 14%."
Based on this calculation, the total amount of the thefts in the two incidents has exceeded the group's third-quarter business revenue.
Odaily Planet Daily will continue to follow up on the subsequent developments of the attack.
