Transform your $HAI holdings into Hacken shareholder status. Only 100 slots available. > Learn more and join the waitlist here.

  • Hacken
  • Blog
  • Insights
  • Heco Bridge Hack Explained

Heco Bridge Hack Explained

By Hacker Hacken

Share via:

The DeFi world was shaken by a sophisticated exploit targeting the Heco chain bridge, resulting in a loss of $87 million. The attack didn’t stop there; HTX’s hot wallets were also compromised, leading to an additional $12 million theft.

Inside The Attack

The initial breach was identified when a staggering $87 million was siphoned off through the Heco chain bridge. A closer inspection of the blockchain revealed the trail of stolen funds across multiple addresses:

The attack was carried out by transferring assets to externally owned accounts (EOAs) and swapping them for Ethereum (ETH).

HTX, also a victim, lost about $12 million from its hot wallets. In an attempt to secure what was left, the HTX team transferred all the funds from some of their hot wallets to a Huobi Recovery address, 0x18709e89bd403f470088abdacebe86cc60dda12e.

Additional addresses linked to the stolen funds are as follows:

The common denominator in these breaches appears to be compromised private keys, echoing the vulnerability that led to a previous $125 million hack on another of Justin Sun’s ventures, the Poloniex exchange. Justin Sun has assured the community that HTX will fully compensate for the losses and that an investigation is underway to uncover the specific causes of the exploit.

Lessons Learned

The recurrence of such high-profile attacks suggests that the robustness of private key management and operational security needs to be re-evaluated. The repeated nature of these incidents on Justin Sun’s platforms suggests a potential systemic issue that needs to be addressed.

Moreover, these incidents serve as a critical reminder about the essential role of wallet security. Ensuring the safety of wallets through continuous real-time monitoring, quick action in response to any suspicious activity, thorough security checks, and strict adherence to the best practices for handling private keys is paramount to protecting assets in the DeFi ecosystem.

Follow @hackenclub on 𝕏 (Twitter)


The Heco chain bridge and HTX exploits are sobering reminders of the potential risks in the DeFi space. These incidents reinforce the need for the Web3 community to adopt a security-first mindset. As we await the findings of the ongoing investigations, the responsibility lies with every stakeholder in the ecosystem to bolster their defenses, anticipate breach attempts, and fortify the trust in the technology that underpins the future of finance.

subscribe image
promotion image

Subscribe to our newsletter

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.

Read next:

More related
  • Blog image
    Ripple Hack Explained: A Deep Dive into the Recent XRP Heist Hacker H.
  • Blog image
  • Blog image

Get our latest updates and expert insights on Web3 security