cryptocurrency widget, price, heatmap
Burger icon
cryptocurrency widget, price, heatmap
News/Exposed: HTX's $8M Ether Debacle and Justin Sun's Swift Action

Exposed: HTX's $8M Ether Debacle and Justin Sun's Swift Action

Van Thanh Le

Sep 28 2023

9 months ago3 minutes read
Robot hacker with floating Ether coins depicting HTX breach

Anatomy of the Heist

The dawn of September 24, 2023, fell heavily on cryptocurrency exchange HTX, previously christened Huobi. This precarious date set the stage for a coordinated cyber-raid targeting the exchange’s wallets. 

The criminal group snagged a hefty 5,000 Ether (ETH), and based on the Ethereum market cap and crypto coin prices at that moment, the loot was worth a staggering $7.9 to $8 million. Justin Sun, known in the blockchain fraternity as the creator of Tron and as an advisor to HTX, publicly validated the encoded onslaught via a Twitter post on September 25, 2023. 

Further investigation revealed the victim to be an HTX hot wallet, which had previously accrued approximately $500 million from Binance deposits since its origination in March.

Implications on the Balance Sheet

Even though the stolen sum was jaw-dropping, when you look at it against the backdrop of HTX's $3 billion user asset pool, the crypto price of the stolen assets barely made a dent. Nonetheless, the loss did sting HTX’s operating revenues by equating to roughly two weeks of garnered earnings, as articulated by Justin Sun. 

The aftermath of the breach witnessed HTX deplete over -$40 million in customer deposits as per DeFiLlama’s assessment.

huobi netflow.webp
Source: DefiLlama

Counter-Attack and Damage Control

As the dust settled, HTX promptly absorbed the losses from its own reserves, thereby safeguarding their user assets. Justin Sun announced the "swift identification, rectification and resilience restoration of platform operations without significant delay." 

In a unique cybersecurity maneuver, HTX offered a "white-hat bonus" of 5%, approximately $400,000, to the perpetrator in hopes of recovering the stolen funds.

Market Response to the Breach

In the 24 hours following the breach, the exchange's native HT token experienced a modest 1.52% dip, as reflected in Coin360’s real-time cryptocurrency charts


Ironically, the hack initially went unnoticed in the bustling crypto market traffic until cybersecurity firm Cyvers Alerts shone a light on it at 9:35 AM ET, around an hour before Justin's public disclosure.

Legal Ambiguity and Ethical Quandary

In an unorthodox move, Justin Sun offered the hacker employment as a security advisor specializing in ethical hacking, or white-hat hacking, on top of the 5% white-hat bonus. The dangling carrot, however, came with a tightly wound stick - a firmly set deadline till October 2, 2023, post which HTX would resort the legal channels to reclaim their lost assets.

justin message to hacker.webp
Source: Etherscan

Media Interaction and Perspectives

To ease the nerves of rattled investors, Justin Sun tweeted, "HTX has absorbed all losses, making sure your crypto price investments remain secure." Sun further attempted to incentivize the hacker's cooperation with the message, "HTX is extending a $400,000 bug bounty invitation to the hacker upon the return of the pilfered funds."

Scanning the Backdrop

This surgical strike on HTX's digital assets followed less than a fortnight after Huobi's strategic rebranding to HTX. Seemingly undeterred, HTX showcased its resilience by announcing plans to pursue additional licenses across multiple jurisdictions, anticipating a surge in user adoption.

Chronology of the Breach

  • September 24, 2023: The cyber-heist is effected.
  • September 25, 2023: Justin Sun verifies the breach and assures liability coverage.
  • October 2, 2023: Deadline set by HTX for the hacker to initiate return of stolen assets and claim white-hat reward.

HTX's Response: Launch of SAFU

Exhibiting resilience in the wake of a massive $7.9 million breach on September 24, HTX has executed a strategic move by setting up a Secure Asset Fund for Users, commonly referred to as SAFU. 

Conceptualized as a financial safety blanket, SAFU could alleviate frustrations amidst investors while enabling damage control in the event of hacks or unforeseen asset losses on the exchange platform.

In a public announcement on the topic of the sudden loss, HTX global adviser, Justin Sun, articulated that the introduction of SAFU wasn't the only battle plan. Sun mentioned that HTX has installed real-time monitoring mechanisms geared toward thwarting similar adversarial exploits in the future. 

He underlined HTX's staunch commitment toward the security of user assets, going so far as to claim that the platform's multi-backup, multi-signature cold wallet system would ensure a 100% safeguard against such cyber onslaughts.

Interestingly, Sun hinted that SAFU's provisions allow a potential reward for the transgressor behind the $7.9 million exploit, on condition that the stolen assets are returned. 

Further sweetening the pot, HTX also left a door ajar, suggesting that the alleged hacker may be offered a position as a security white hat advisor within the framework of the company. However, specifics relating to the exact composition of the SAFU fund remained undisclosed.

Inside View: Is HTX's Honeypot Adequate or Overdrawn?

This brings us to some startling revelations by Adam Cochran, Managing Partner at Cinneamhain Ventures. According to Cochran's assessments, HTX's coffers might be in a precarious state – running a bone-dry shortfall of $2.4 billion. 

Cochran extrapolated this figure by suggesting that Justin Sun, the founder of Tron, boasts the majority stakes in HTX yet doesn't currently hold enough reserves to match the matured customer deposits - a gap he quantifies at a staggering $2.4 billion.

He reportedly scrutinized available data, comparing Huobi's projected holdings with their actual reserves. Huobi's boasted holdings of Ethereum had been announced to be a hefty $200 million. 

However, upon inspection of data from DefiLlama, when accounting for wrapped and staked ETH, the actual Ether holdings were significantly lower, rounding up to about $120.8 million.

Digging further, the underbelly of Huobi's Tether (USDT) stable coins held another unsettling revelation. Cochran claimed that Huobi's Tether holdings barely crossed $120 million, which falls incongruously short of their projected USDT holdings of $624 million.

huobi usdt balance (1).webp
Huobi's USDT balance as of September 28, 2023. Source: DefiLlama

Cochran found another bone to pick with Huobi's operations, pointing out that 14.7% of Huobi's stored reserves are invested in staked Tether (stUSTD) tokens. As a contentious entity, these stUSTD tokens promise a lucrative 4.2% return generated from short-term government debt – promises that Cochran alleges are not met.

Highlighting what could be damning evidence, Cochran drew attention to the questionable minting of $815 million worth of TrueUSD by Sun in the last week. Following this minting spree, stUSDT tokens, hinged on the newly minted stablecoins, burgeoned to a stunning total value of $1.8 billion within a three-month span. Given the precarious ties Huobi has with stUSDT, this development smells of uncertainty.

Rounding up this deep-dive, Cochran also revealed that Sun, as a critical player in the HTX drama, isn't new to turbulent waters. In March, he had been slapped with a legal suit by SEC for allegedly violating securities law and indulging in market manipulation with his tokens, TRX and BTT

Cochran's revelations certainly place HTX, and Justin Sun, amid swirling controversies, and it remains to be seen what countermeasures they employ.

Final Notes: Key Takeaway

The HTX saga unravels several facets behind cybersecurity proactiveness and the dilemmas of crisis governance in the pulsating world of cryptocurrency. While HTX's decisive response curtailed the financial hemorrhaging, the event underscores the need for fortified security infrastructure and transparency in investor communications. 

Offering a lucrative ‘white-hat bonus’ and a job offer to the perpetrator unveils a fresh perspective on cybersecurity strategies within the dynamic realm of digital currencies.

Frequently Asked Questions

1. Quantify the financial impact of the HTX security infringement in light of its total assets?

The stolen sum of $7.9 million to $8 million, while appreciable, corresponds to a minute fraction relative to HTX's user assets worth $3 billion.

2. Describe HTX's rapid countermeasures post-breach?

HTX assumed liability for the losses utilizing its own capital. Additionally, a 5% white-hat reward, calculated about $400,000, was offered to the hacker for the return of stolen assets.

3. Unveil the market dynamics subsequent to the HTX breach?

Post-breach, the HTX native token, HT, saw a slight 1.24% drop, trading at $2.43 as per the data on Coin360.

4. How did the HTX breach augment discussions on cryptocurrency exchange security?

The breach exposed vulnerability points, thus amplifying the need to rethink and reinforce security precautions while shedding light on the importance of transparent communication in crisis scenarios.

5. What legal and ethical strings were pulled in the aftermath of the HTX breach?

Surprisingly, besides the 5% bonus lure, HTX offered the hacker an employment contract. However, HTX marked October 2, 2023, as the deadline for stolen asset return before pursuing legal action.

This article has been refined and enhanced by ChatGPT.

cryptocurrency widget, price, heatmap
v 5.6.19
© 2017 - 2024 All Rights Reserved.