In late September, HTX – Huobi’s rebranded global exchange – was hit by an attack that left it almost $8 million in the hole.
The attacker made off with 4,997 ETH, worth about $7.9 million, from the exchange’s hot wallet. At the time, HTX CEO Justin Sun stated that the identity of the attacker had already been uncovered and urged them to return the funds in exchange for a 5% white hat bounty within a week. In return, Sun promised to refrain from taking legal action.
Hours after the attack, Sun informed his community that all stolen ETH had been covered by the exchange’s reserves.
“HTX has fully covered the losses incurred from the attack and has successfully resolved all related issues. All user assets are #SAFU and the platform is operating completely normally. $8 million represents a relatively small sum in comparison to the $3 billion worth of assets held by our users. It also amounts to just two weeks’ revenue.”
Nevertheless, the hunt for the exploiter was already underway.
At the time of the hack, Sun gave the attacker one week to return the funds. Although that deadline was missed by nearly a week, it’s probable that the perpetrator got in contact with the exchange, and the grace period was merely due to the attacker requesting assurances that they would really not be prosecuted.
Yesterday afternoon, the funds were returned to the exchange’s hot wallet, according to on-chain data.
It looks like the HTX/Huobi hacker has returned the funds (4997 ETH)
0x48bd1179529343c7a970045290fd2b0b1d946f64e17c443a528e24bf7cdbb817 pic.twitter.com/MknehuhM6x
— ZachXBT (@zachxbt) October 7, 2023
The transaction was confirmed by both security researcher ZachXBT and Sun himself.
Something worth noting is that the entire amount was returned, after which HTX sent the bounty back to the hacker.
“We have confirmed that the hacker has fully returned all funds, as promised, and we have also paid the hacker a white hat bonus of 250 ETH. The hacker made the right choice. We would like to express our gratitude to everyone in the industry for their help!”
Generally, when deals like this are made, the exploiter keeps the promised bounty and returns the rest.
It’s unclear why the entire amount was returned to the sender before the attacker-turned-white-hat received his promised bounty. It’s possible that this exchange took place in order to remove any possibility of a future lawsuit since the attacker could now prove that they were no longer in control of any stolen funds whatsoever.
