HTX (Huobi Global) to Resume Deposits and Withdrawals After $13.6 Million Exploit

Hassan Shittu
Last updated: | 3 min read
HTX Fixed
Source: iStock

Crypto exchange HTX, formerly known as Huobi Global, said it “has now properly handled this attack,” and it will resume deposits and withdrawals within 24 hours after suffering a $13.6 million exploit on Nov. 22.

In a Nov. 23 announcement on its official website, Huobi HTX responded to a recent security incident, pledging to fully compensate for the losses incurred and ensuring the complete safety of user funds. According to the statement, the funds lost in the attack constitute only a minimal portion of the platform’s total funds, and the normal operation of Huobi HTX remains unaffected, reassuring users.

In the statement, HTX said:

“Huobi HTX has now properly handled this attack. Huobi HTX once again promises to fully compensate for the losses caused by this attack and 100% guarantee the safety of user funds. The amount of funds lost by Huobi HTX this time accounts for a very small amount of the total funds of the platform. The normal operation of Huobi HTX will not be affected by this. Users should rest assured.”

Huobi HTX aims to mitigate the impact of the security breach by promising comprehensive compensation for any losses experienced by users. The platform emphasizes that the incident’s financial ramifications are limited, and users can have confidence in the ongoing operational integrity of Huobi HTX.

The announcement also conveys the platform’s commitment to swiftly restoring normal services, with Huobi HTX expected to resume deposit and withdrawal services within 24 hours. However, users are encouraged to stay informed by regularly checking the platform’s official announcements for updates on the specific timing of the service resumption.

Security Woes Continue for HTX as $13.6 Million Loss Adds to a Series of Exploits

In a series of concerning developments, HTX encountered a significant security incident on Nov. 22, suffering an estimated loss of $13.6 million. The incident unfolded as part of an $86.6 million exploit against the HECO Chain Bridge involving HTX, Tron, and BitTorrent, all of which are linked to or de facto controlled by Chinese blockchain entrepreneur Justin Sun.

Blockchain security firm Cyvers released findings on the exploit, revealing that the losses originated from three compromised hot wallets. In this sophisticated attack, users and exchange assets were converted into Ether (ETH), and the stolen funds were subsequently disbursed to various Ethereum addresses. The impact of the exploit extended to a variety of coins and tokens, with notable losses, including 1,240 ETH, 7.3 million USDT, 1.78 million USD Coin (USDC), and 62,200 LIN (LINK).

In response to the incident, HTX emphasized its commitment to user asset protection and information security, vowing to take all necessary measures to prevent future occurrences. However, this incident follows a troubling pattern, as HTX and Sun-linked entities have experienced four hacks in the past two months.

Security Woes Persist as HTX and Sun-Linked Entities Endure Fourth Hack in Two Months

In a distressing trend, HTX and entities linked to Justin Sun have fallen victim to yet another security breach, marking the fourth hack in the past two months. The most substantial incident was the $100 million exploit targeting Poloniex on Nov. 10, which stemmed from an apparent compromise of private keys, as indicated by blockchain security firm CertiK.

In response to the suspicious outflows, the Poloniex team promptly disabled the affected wallet. Justin Sun, taking to X (formerly Twitter), assured users that the platform maintains a healthy financial position. He pledged full reimbursement to affected users and expressed intentions to collaborate with other exchanges to recover the lost funds.

This incident follows a concerning pattern of security breaches involving Sun-linked entities. In September, HTX suffered an $8 million loss due to another hot wallet exploit. Despite the reassurances at the time, claiming that “all user assets are SAFU and the platform is operating completely normally,” the recurrence of security incidents raises questions about the overall safety and resilience of these platforms.