Blockchain security platform Cyvers announced on Wednesday that its system detected multiple suspicious transactions on the HECO Chain cross-chain bridge, with approximately $85 million in assets received by the suspicious address from the bridge. Shortly after, Cyvers Alerts again monitored multiple suspicious transactions in the hot wallet of HTX exchange, with 1,240 ETH (valued at about $2.5 million) transferred to a suspicious address, followed by the receipt of USDT, LINK, and USDC from the same address. Cyvers Alerts stated that the suspicious address would exchange all received assets into ETH and distribute them to different EOA wallets, estimating a total loss of $12.4 million from the HTX hot wallet.
Meir Dolev, founder and CTO of Cyvers, mentioned that the HTX hot wallet and HECO Chain cross-chain bridge might be operated by the same entity, with a total estimated loss of around $100 million.
Update at 20:08 on 11/22:
According to reports from “The Block”, based on statements from Igor Igamberdiev, head of research at Wintermute, and blockchain security firm PeckShield, the initial estimate for the total loss on the HECO Chain cross-chain bridge is $86.6 million. These funds were immediately transferred to decentralized exchanges and exchanged for other tokens, leading PeckShield to suspect that the bridge may have been hacked or subjected to a rug pull. Additionally, Igamberdiev estimated that the suspicious transfers from the HTX hot wallet had reached $23.4 million.
Sun Yuchen confirmed on the X platform that HTX and Heco cross-chain bridge were attacked by hackers, and HTX will fully compensate the losses of the exchange’s hot wallet. The platform’s deposit and withdrawal functions have been temporarily suspended, and an investigation is currently underway into the incident.