A recent rash of hacks has seen several big platforms lose many millions of dollars. How can the rising wave of cyber crime be stopped?
Justin Sun's Platforms Targeted
On November 22, Justin Sun's crypto platform HTX (formerly Huobi Global) and its associated HECO Chain's Ethereum Bridge fell victim to a coordinated cyber attack. This breach led to a staggering total loss of around $117 million, with HTX's hot wallets and the HECO Chain Bridge losing approximately $30 million and $86.8 million, respectively. The compromised assets included a diverse range of cryptocurrencies including USDT, HBTC, SHIB, UNI, LINK and ETH, according to blockchain security firm PeckShield.
The hack was traced back to a compromised operator account, which inadvertently exposed private keys. This breach allowed attackers to withdraw funds directly from a privileged address. Substantial amounts of ETH and USDT were stolen in the HTX attack, while assets from the HECO Bridge were converted into Ethereum and distributed across various addresses.
Justin Sun acknowledged the attack on X and committed to covering all losses. He also temporarily halted deposits and withdrawals at HTX until the investigation was concluded and safe service resumption was assured.
Despite these setbacks, HTX soon reported that it had managed the attack effectively and resumed services. It emphasized that the lost funds constituted only a small fraction of the platform's total assets. The HTX DEX, which includes deposit and withdrawal for ETH, BTC, Tron (TRX) and USDT, announced it had resumed operations on November 26.
These incidents form part of a larger pattern of security breaches at entities linked to or controlled by Sun. After HTX's rebranding in mid-September, the exchange suffered its first hack on September 24, resulting in an $8 million loss. Additionally, the Poloniex exchange, acquired by Sun in 2019, experienced a significant breach on November 10, with around $114 million stolen due to compromised private keys. The Lazarus Group, known for its sophisticated cyberattacks, is suspected to be behind the Poloniex attack.
Poloniex's response to the breach included disabling its wallet for maintenance. Sun reassured users and investors of full reimbursement for affected funds and offered the hacker a white hat bounty, encouraging the return of stolen assets.
1,577 ETH Exploited From Raft
The exploit's core was a precision calculation issue in the minting process of share tokens. By exploiting this, the attacker obtained extra share tokens by manipulating the collateral token's index rate, specifically in the mint function of the rcbETH-c contract. This led to the unauthorized creation of about $6.7 million in unbacked R stablecoin.
The attack involved a series of strategic steps: the attacker first donated and liquidated cbETH to manipulate the collateral token's index rate. Using a flash loan, they borrowed 6,000 cbETH from Aave, and transferred and liquidated 6,001 cbETH to the InterestRatePositionManager contract. The index manipulation allowed the minting of minuscule share amounts repeatedly, amassing 6,705,028 R tokens.
However, a coding error lost 1,570 ETH (about $3.25 million) to a burn address, turning the attackers' profit into a net loss. They attempted to convert the minted R stablecoin through pools on Balancer and Uniswap, but the significant ETH loss overshadowed these efforts.
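The class of precision issue described above can be checked for with a simple invariant test. The following is an added example, not Raft's code: it models an index-scaled share mint in Python integers and compares rounding in the minter's favour with rounding against it. The article only says "precision calculation issue", so the rounding direction, the function names and the index value of 6000 are assumptions constructed for illustration.

```python
WAD = 10**18  # 18-decimal fixed-point scale (assumption of this model)

def div_down(a: int, b: int) -> int:
    return a // b

def div_up(a: int, b: int) -> int:
    return -(-a // b)  # ceiling division on non-negative integers

def mint_shares(amount: int, index: int, round_up: bool) -> int:
    """Shares credited for `amount` of collateral at the current index."""
    return (div_up if round_up else div_down)(amount * WAD, index)

def shares_value(shares: int, index: int) -> int:
    """Collateral that `shares` represent, rounded down."""
    return shares * index // WAD

def overcredit(amount: int, index: int, round_up: bool) -> int:
    """Collateral value credited beyond what was actually deposited."""
    minted = mint_shares(amount, index, round_up)
    return max(0, shares_value(minted, index) - amount)

def invariant_holds(index: int, amounts, round_up: bool) -> bool:
    """Property check: no deposit may be credited more than it paid in."""
    return all(overcredit(a, index, round_up) == 0 for a in amounts)

def safe_mint(amount: int, index: int) -> int:
    """Hardened mint: round against the depositor and reject dust deposits."""
    shares = mint_shares(amount, index, round_up=False)
    if shares == 0:
        raise ValueError("deposit too small for current index")
    return shares

# Constructed sample: an index far above 1.0, as after a large donation.
INFLATED_INDEX = 6000 * WAD

if __name__ == "__main__":
    for mode in (True, False):
        print("round_up" if mode else "round_down",
              "shares:", mint_shares(1, INFLATED_INDEX, mode),
              "overcredit:", overcredit(1, INFLATED_INDEX, mode),
              "invariant:", invariant_holds(INFLATED_INDEX, range(1, 1000), mode))
```

Running the same invariant over a range of index values and deposit sizes in a contract's test suite catches a mint that rounds the wrong way before deployment.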
Raft suspended all minting activities and temporarily halted smart contracts to manage the situation and mitigate risks. The platform said it is actively working with law enforcement to trace the stolen funds and identify the attacker. Raft said on November 24 that its recovery plan resulted in a 42% recovery rate.
"Raft will voyage again"
Meanwhile, the attacker behind last week's KyberSwap hack is still playing cat and mouse with the DEX over bounty negotiations.
These recent attacks on DeFi platforms reveal not only the sophisticated capabilities of hackers but also the urgent need for more robust security frameworks and better regulation.
They reflect the industry's growing pains, challenging DeFi actors to balance innovation with security. In essence, these incidents are a call to action for the crypto community to fortify defenses and establish more resilient systems to protect users, investors, and the integrity of the DeFi ecosystem.