Suspected $5M+ Hedera Exploit Sends Funds to Ethereum via LayerZero
AI Market Summary
Researchers flagged a suspected $5M+ exploit moving assets from Hedera to Ethereum via LayerZero, with proceeds swapped into ETH and linked to wallets monitored by Specter and PeckShield. HBAR fell over 2% on the reports, reflecting heightened protocol and bridge-risk premia. With no official Hedera statement and continued on-chain movements, near-term sentiment may remain cautious across HBAR and related cross-chain infrastructure.
Impact level
● Medium
Affected assets
HBAR/USDT-0.63%
AI Insight · HBAR/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Security researchers say a suspected exploit is moving millions of dollars from Hedera to Ethereum, putting users and incident responders on alert and pushing HBAR down more than 2%.
What researchers are seeing
Security researcher Specter reported that an attacker bridged about $3.7 million from Hedera to Ethereum using LayerZero, then converted WBTC proceeds into ETH. Specter also shared two wallet addresses believed to be connected to the activity. On-chain trackers later observed the suspected haul increasing.
CryptoBull360 estimated the suspect wallet at roughly $5.8 million, consisting of about 3,203 ETH (around 80% of holdings) with the balance held in WBTC.
Blockchain security firm PeckShield produced a separate snapshot estimating about $5.25 million bridged. At the time of its analysis, PeckShield reported the wallet held approximately 2,360 ETH (about $4.25 million) and 15.58 WBTC (about $1 million). PeckShield also noted the wallet's initial funding traced back to a 1 ETH deposit routed through Tornado Cash, describing this as chain history rather than proof of the attacker's identity.
Market impact and response
HBAR was trading near $0.069 and fell more than 2% after the reports circulated. Researchers described the theft as active and changing, with multiple inbound transfers in a short window followed by swaps into ETH once funds reached Ethereum.
Neither Specter nor PeckShield has attributed the activity to a specific actor. Hedera had not issued an official statement at the time of reporting. Security teams continue monitoring the addresses and publishing updates as additional on-chain activity appears.
Broader backdrop
The episode follows a string of recent crypto security incidents: Blockaid warned of an active exploit targeting Summer.fi with estimated losses of about $6 million; Ctrl Wallet said it will wind down following a Cardano wallet exploit; and Secret Network proposed migrating SCRT from Cosmos to Arbitrum, citing security and liquidity concerns.
The situation remains fluid. Market participants will be watching for any containment measures from Hedera and for further attribution or recovery updates from the security community.