Inside the $97 Million Hack: Heco Chain's Security Nightmare
Van Thanh Le
Nov 23 2023
Breaking Down the Breach
On November 22, 2023, the cryptocurrency world was rocked by a major security breach of the Heco Chain bridge. This critical infrastructure, essential for transferring funds between the Ethereum blockchain and the Heco Chain, was compromised, leading to a substantial financial loss.
Detailed reports from blockchain research experts, including Igor Igamberdiev from Wintermute and analysts at PeckShield, have shed light on the magnitude of this incident.
Initial estimates put the loss from the Heco bridge at $86.6 million. Among the stolen assets were various cryptocurrencies, including Ethereum (ETH), Shiba Inu (SHIB), and Chainlink (LINK).
Beyond the Bridge: Additional Exploits
Following closely on the heels of the Heco Chain bridge incident, the crypto exchange HTX reported suspicious activities that bore a striking resemblance to the initial breach.
Igor Igamberdiev highlighted these transactions, which totaled approximately $23.4 million. This secondary exploit raised further concerns about the broader implications of the security lapse within the crypto exchange infrastructure.
In response to these alarming developments, HTX implemented several emergency measures. The exchange began the process of moving funds from vulnerable hot wallets to more secure, designated recovery wallets.
Taking Action: Responses to the Crisis
The HTX exchange’s loss of $13.6 million was part of a broader attack on the HECO Chain bridge. The hackers specifically targeted three HTX Global wallets, ingeniously converting the stolen assets into Ether (ETH) and dispersing them across various addresses.
The aftermath of the breach saw immediate and decisive actions from various stakeholders within the cryptocurrency sector. Justin Sun, a prominent investor in HTX, confirmed the hack and made a public commitment to fully compensate any losses incurred by users due to these security breaches.
Moreover, HTX temporarily suspended both deposits and withdrawals as part of its strategy to manage the situation effectively. After a thorough calculation, the total loss from the combined exploits, involving both the Heco Chain bridge and HTX, was estimated to be around $97 million in various tokens.
A Closer Look at Security Breaches
The initial alert about the breach came from PeckShield, which reported a suspicious transaction involving 10,145 Ether (ETH), valued at approximately $19 million, from the Heco bridge.
Other digital assets, including USD Coin (USDC), Chainlink (LINK), and Shiba Inu (SHIB), were also identified as part of the unauthorized transfers to various addresses. This broad range of affected assets indicated a systemic issue within the Heco bridge's security framework.
The HECO Chain, launched in December 2020, was initially designed to provide a streamlined cross-chain experience with reduced gas fees, an innovation in the blockchain space. However, this incident exposed critical weaknesses in its security architecture.
Blockchain security firm Cyvers reported suspicious transfers amounting to $85 million and attributed the attack to a suspected private key leak. This leak allowed unauthorized access to the Heco bridge, compromising its core function of facilitating token transfers between Heco Chain and Ethereum.
An investigation is underway to determine the specific cause of the attack. Services on the Heco Chain are expected to resume once the root cause of the breach is identified and addressed.
Understanding HECO Chain's History
The HECO Chain was established by HTX but operates as an independent entity. This distinction is critical in understanding the operational dynamics and responsibilities in the wake of the security breach.
This recent hack is not the first instance of security challenges faced by HTX. A previous incident in October saw hackers steal $8 million worth of assets from the exchange. In that case, all losses were fully covered, demonstrating HTX's commitment to its users' security.
However, the recurring nature of these breaches raises questions about the long-term viability and security protocols of HTX and associated platforms.
The recent hack also adds to a series of exploits related to Justin Sun, following a $100 million exploit on Poloniex. With HTX and Heco Chain operationally independent, as stated by a spokesperson from HTX, the responsibility for security measures and user protection becomes a paramount concern.
Financial Stability and Speculations
Huobi, before its rebranding to HTX, saw significant outflows in August, with its total value locked (TVL) dropping from $3.09 billion to $2.5 billion amid rumors of insolvency and executive resignations.
The financial stability of HTX has come under scrutiny, especially from analysts like Adam Cochran. He pointed out notable discrepancies between the perceived and actual funds within the exchange.
Cochran raised concerns about potential fund diversions to Sun's DeFi applications and the conversion of users' ETH to stETH, suggesting a disparity in Sun's accounts and the reported figures.
Restoration Plans and Security Measures
Post-hack, HTX announced an ambitious plan to restore services, including deposits and withdrawals, within 24 hours. Emphasizing their commitment to user asset and information security, HTX promised to implement stringent measures to avert similar incidents in the future.
The repeated hacks on Justin Sun's platforms, including HTX and Poloniex, have raised serious concerns within the crypto community. Since its rebranding from Huobi, HTX has been hacked twice, with Poloniex suffering a $100 million exploit due to a private key compromise.
The cumulative loss from these four hacks amounts to approximately $208 million. Despite Sun's assurance of compensating all losses, the repeated breaches have inevitably shaken the community's confidence in these platforms.
Amidst these security challenges, Justin Sun has been facing legal hurdles with the U.S. Securities and Exchange Commission, which has charged him with fraud and other securities law violations. This legal entanglement adds another layer of complexity to the situation, potentially impacting the future operations of these platforms and their ability to safeguard user assets.
The Big Picture: Key Learnings
This incident is a critical reminder of the vulnerabilities in cryptocurrency operations, especially in cross-chain activities. The rapid transfer of stolen funds and the potential compromise of private keys highlight an urgent need for enhanced security measures in the blockchain realm.
Frequently Asked Questions (FAQs)
1. What is the Heco Chain Bridge and its Role?
The Heco Chain Bridge serves as a conduit for transferring assets between Ethereum and Heco Chain. It's pivotal in facilitating cross-chain operations, particularly with reduced gas fees.
2. How Much Was Stolen in the Heco Bridge Hack?
The breach led to a loss of $86.6 million. This includes various assets like ETH, SHIB, and LINK.
3. What Measures Did HTX Take Post-Breach?
HTX responded by:
- Moving funds to a recovery wallet.
- Suspending withdrawals and deposits.
- Committing to fully compensate affected users.
4. What are the Implications of These Security Breaches for the Crypto Industry?
These incidents underscore the need for:
- Stronger security protocols.
- Heightened vigilance in cross-chain transactions.
- Enhanced user protection measures by exchanges.
5. What Historical Context Surrounds HECO Chain's Security Issues?
HECO Chain, despite its independence, has faced multiple security breaches:
- An $8 million hack in October, fully compensated.
- Repeated security challenges linked to Justin Sun's ventures.
- A pattern of vulnerabilities in cross-chain operations.
This article has been refined and enhanced by ChatGPT.