Hedera Network Exploit Drains $5.8M as HBAR Slides 2%

2 hours ago 22
Hedera network exploit

More than $5.8 million drained from Hedera Network and quietly moved to Ethereum — that’s the picture blockchain security researchers are piecing together after a suspected exploit hit the network, sending HBAR into a slide and raising fresh questions about cross-chain security vulnerabilities.

Key takeaways

  • A suspected Hedera network exploit moved over $5.8 million in assets to Ethereum, up from an initial $3.7 million bridged in early transfers.
  • The attacker used LayerZero to bridge funds cross-chain, then swapped Wrapped Bitcoin (WBTC) for Ether (ETH).
  • HBAR fell more than 2% to around $0.069 following the reports.
  • The attacker’s wallet was initially funded with 1 ETH sourced from Tornado Cash, complicating attribution efforts.
  • Neither the responsible party nor the official total loss figure has been confirmed; the investigation remains active.

Suspected Hedera network exploit transfers over $5.8 million to Ethereum

The Hedera network exploit unfolded in stages, with the damage growing as researchers tracked each new on-chain transaction. Blockchain security researcher Specter was among the first to flag the incident, reporting that the suspected attacker had already bridged more than $3.7 million worth of assets from Hedera to Ethereum before further transfers pushed that figure higher.

According to CryptoBull360, the estimated value of the attacker’s wallet later climbed to roughly $5.8 million, indicating that more assets continued flowing out after the initial transfers were flagged. At that stage, the wallet held approximately 3,203 ETH — representing nearly 80% of the portfolio — alongside a roughly 20% position in WBTC.

How the attacker moved the funds

The mechanics of the theft point to a deliberate, multi-step strategy. According to both Specter and PeckShield, the attacker bridged assets from the Hedera mainnet to Ethereum using LayerZero, one of the most widely used cross-chain interoperability protocols in the DeFi ecosystem. Once on Ethereum, the stolen assets were converted from Wrapped Bitcoin (WBTC) into Ether (ETH).

PeckShield’s independent analysis placed the wallet’s holdings at around 2,360 ETH (valued at roughly $4.25 million) and 15.58 WBTC (worth approximately $1 million) at the time of its assessment. That’s a slightly different snapshot than Specter’s later figures, reflecting how quickly assets moved through the wallet in real time.

Notably, PeckShield also flagged that the wallet had originally been seeded with 1 ETH sourced from Tornado Cash — the crypto mixing service long associated with efforts to obscure transaction origins. That detail confirms intentional preparation but does not identify who controls the address or who executed the attack.

Market impact and security monitoring

Markets responded almost immediately to the exploit reports. HBAR dropped more than 2%, trading near $0.069 as news of the suspected breach spread. The sell-off was swift, reflecting how sensitive token prices can be to security headlines, even when the full scale of an incident remains unconfirmed.

Wallet tracking by Specter and PeckShield

Both Specter and PeckShield moved quickly to publish the wallet addresses they believed were linked to the incident, giving the broader community a way to monitor further movements. That kind of real-time on-chain surveillance has become a standard first response to crypto exploits — researchers essentially broadcasting the attacker’s footprint publicly in hopes of slowing their ability to cash out or obfuscate further.

The fact that two independent security firms arrived at similar conclusions, tracking overlapping wallet activity and publishing corroborating data, adds credibility to the reported figures even in the absence of an official statement from Hedera.

Ongoing investigation and uncertainty surrounding attribution

As of the time of reporting, neither the responsible party nor a definitive total loss estimate has been officially confirmed. That’s a meaningful caveat. The figures cited by Specter and PeckShield reflect on-chain observations, not audited assessments, and the wallet’s value was still shifting as new transactions appeared.

The use of Tornado Cash to fund the attacker’s wallet complicates attribution significantly. Mixing services are specifically designed to break the on-chain trail between a funding source and subsequent activity, which means tracing the attack back to any individual or group becomes far harder — and often impossible without off-chain intelligence.

A broader pattern of crypto security stress

The Hedera incident doesn’t sit in isolation. Around the same period, security firm Blockaid flagged an active exploit targeting Summer.fi, estimating losses of about $6 million at the time of its alert. Separately, Ctrl Wallet announced it would permanently shut down following a security exploit affecting some Cardano wallets, giving users until August 3 to withdraw their funds. Meanwhile, Secret Network proposed migrating its SCRT token from Cosmos to Arbitrum, with the team citing security risks, weaker liquidity, and an aging codebase in a July 7 governance proposal.

Taken together, these incidents paint a picture of persistent, evolving pressure on blockchain security infrastructure — particularly at the cross-chain layer, where interoperability protocols like LayerZero act as high-value targets precisely because they connect ecosystems that might otherwise be isolated from one another. An attacker who can exploit a vulnerability at that bridge point gains access to liquidity across multiple networks simultaneously.

Blockchain security researchers are continuing to monitor the flagged addresses and publishing updates as new transactions appear. What matters now is whether the Hedera team responds with a formal assessment of the breach — and whether that response comes before further funds move out of reach.

FAQ

How much cryptocurrency was moved in the suspected Hedera exploit?

According to blockchain security researchers Specter and PeckShield, more than $5.8 million in assets were moved from Hedera Network to Ethereum. Initial transfers accounted for approximately $3.7 million, with additional funds moving later.

What method did the attacker use to transfer stolen assets?

The attacker bridged funds from Hedera to Ethereum through LayerZero, a cross-chain interoperability protocol, and then swapped Wrapped Bitcoin (WBTC) for Ether (ETH) on Ethereum.

What was the impact of the exploit on the HBAR token price?

HBAR fell more than 2% to around $0.069 following reports of the suspected exploit.

Has the responsible party for the exploit been identified?

No. Neither Specter nor PeckShield identified the party responsible, and no official estimate of total losses has been released. The attacker’s wallet was initially funded with 1 ETH from Tornado Cash, which further complicates attribution. The investigation remains ongoing.

Article produced with the assistance of artificial intelligence and reviewed by the editorial team.

Read Entire Article