In a significant cybersecurity incident, Huobi Global, a prominent global cryptocurrency exchange, fell victim to a cyberattack resulting in the theft of approximately 5,000 ETH, valued at around $7.9 million.
The breach was first reported by CyberAlerts, a trusted crypto security company, which uncovered that the attack’s success was due to a compromise in one of Huobi’s hot wallets, which are online-accessible cryptocurrency wallets.
Confirmation of the attack came from Justin Sun, an investor in Huobi Global, earlier today.
According to reports from CyberAlerts, Huobi has identified the crypto wallet address used by the perpetrators and even managed to determine their identity. In response, the exchange made an audacious move by sending a transaction to the hacker’s wallet address along with a message, as per details on Etherscan.
In the message, Huobi informed the culprits of their known identity and issued a demand for the stolen funds to be returned within a specific timeframe. Huobi has gone a step further, pledging a 5% bonus of approximately $395,000 to the cybercriminals in exchange for the return of the stolen assets. Additionally, the exchange has revealed plans to hire the hacker as a security consultant, as disclosed by Justin Sun.
However, if the stolen funds are not returned within the stipulated timeframe, Huobi has indicated its intent to involve law enforcement agencies.
The crypto community is speculating whether this incident is another strike orchestrated by the notorious Lazarus Group. Cryptocurrency exchanges have been lucrative targets for cyberattacks due to their often vulnerable security systems and the significant crypto assets they hold.
According to a report by Crystal Blockchain, cybercriminals have stolen approximately $16.7 billion in cryptocurrencies between January 2011 and February 2023. The Lazarus Group, an infamous cyberattack organization linked to North Korea, has been suspected of orchestrating several high-profile crypto heists.
On September 11, CertiK, a leading blockchain security platform, identified the Lazarus Group as responsible for a $41 million theft from Stake online casino. The same attacker was found to have swapped and bridged 520,000 MATIC tokens, valued at over $266,000, to the Avalanche blockchain.
Twelve days following the Stake online casino attack, Huobi Global now finds itself as the latest victim in a string of crypto exchange breaches. While there is no concrete evidence connecting this incident to the North Korean cyberattack group, ongoing investigations will hopefully shed light on the perpetrators behind this audacious crypto heist.