November 24, 2023

Heco Bridge hacked over $83M and Kyber exploited over $48M. How should we be more vigilant after these two security incidents?

In the past two days, two major security incidents occurred in the Web3 space, which shocked the entire market. The two security incidents involved a sum of approximately $130 million, causing widespread concern.

Justin Sun is targeted by hackers again

On November 22, according to Beosin EagleEye security risk monitoring, warning and blocking platform, HECO Chain Bridge was attacked by hackers and a large amount of ETH and various tokens were stolen.

At present, the attacker has converted all 7 stolen tokens into ETH, including the directly stolen ETH and the total stolen value exceeds 41,000 ETH. The attacker deposited all ETH into the following 11 addresses and has not moved them yet. Beosin Trace will continue to track stolen funds.

Fund storage address:












After the attack, Justin Sun tweeted that HTX and Heco cross-chain bridge were hacked. HTX will fully compensate for the loss of HTX hot wallet. Deposits and withdrawals are suspended. All HTX funds are safe and the community is assured. They are investigating the hacker attack. Once they complete their investigation and identify the cause, they will restart service.

Kyber Network was exploited

In the early morning of November 23, according to Beosin’s EagleEye security risk monitoring, warning and blocking platform, KyberSwap was attacked by hackers.

As you can see from the EagleEye dashboard, this incident resulted in the theft of approximately $48 million in various crypto assets, mainly including 16,217 ETH, 3,987,332 ARB, 591,441 OP and 1,111,926 DAI.

Immediately, Kyber Network issued a statement saying that KyberSwap Elastic experienced a security incident. As a precautionary measure, it is strongly recommended that all users withdraw funds immediately. The team is carefully investigating the situation and promises to regularly report the latest situation.

The Beosin security team analyzed that the reason was that manipulating the tick interval boundaries allowed attackers to double increase liquidity, leading to the project being attacked.

Finally, the hacker showed off and left a message on the chain, saying, "After I have a good rest, we will negotiate in a few hours."

The Kyber team is still trying to communicate with hackers. At the same time, the KyberSwap security incident has once again triggered widespread concern in the crypto market about DEX security. This incident once again reminds users to be careful when choosing a DEX platform and take necessary security measures to protect your funds.

These security incidents once again highlight the vulnerabilities and challenges in Web3 security. Although blockchain technology has the characteristics of decentralization and security, there are still risks of vulnerabilities and attacks and security audits are very necessary.


If you need any blockchain security services, welcome to contact us:

Official Website Beosin EagleEye Twitter Telegram LinkedIn

Related Project

Related Project Secure Score

Guess you like
Learn More
  • A Security Perspective on the GameFi Fren Pet Across the Entire Chain

    November 23, 2023

  • Understanding the RGB Protocol: Bridging Bitcoin and Smart Contract

    November 24, 2023

  • Unlicensed Exchanges Collapse - How Should Users Guard Against It?

    November 28, 2023

  • Unlocking Web3 Business Insights and Risks: The Power of Beosin API Features!

    November 30, 2023

Join the community to discuss.