$5.25M Stolen in Suspected Hedera Exploit, Funds Bridged to Ethereum
AI Market Summary
Security firms flagged a suspected $5.25M Hedera exploit, with funds bridged to Ethereum via LayerZero and consolidated into ETH/WBTC after initial funding through Tornado Cash. Even if consensus was not compromised, another high-profile incident reintroduces protocol and bridge-risk concerns and could chill near-term institutional appetite following the recent US spot HBAR ETF launch. Ongoing uncertainty around the vulnerability and recovery prospects raises reputational and counterparty risk.
Impact level
● Medium
Affected assets
HBAR/USDT-2.29%
AI Insight · HBAR/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Blockchain security firms PeckShield and Specter reported a suspected $5.25 million theft involving the Hedera network on July 11, tracing funds that moved from Hedera mainnet to Ethereum via a crosschain bridge built on LayerZero technology.
The incident lands at an awkward moment for Hedera. Only weeks after the network highlighted the launch of the first U.S. spot HBAR ETF, it is now facing scrutiny over a major security event.
According to the onchain trail cited by researchers, the attacker first funded an Ethereum wallet with 1 ETH routed through Tornado Cash. The actor then bridged assets from Hedera to Ethereum using LayerZero's crosschain infrastructure. After the assets arrived on Ethereum, the attacker swapped Wrapped Bitcoin for Ether, shifting the proceeds into more liquid holdings.
When the activity was flagged, the attacker's Ethereum wallet reportedly held about 2,360 ETH, valued near $4.25 million, and 15.58 WBTC worth roughly $1 million. The wallet addresses highlighted in the reports were 0x9A4966152F6e10b33Cb7a37975e8619816d6a494 and 0xaf20D792A19fD42dCf697ceBa6100291D96dD93e.
Hedera has not confirmed an exploit. Onchain investigators continue to review transaction data to determine the entry point, the specific vulnerability involved, and how access to the funds was obtained.
The suspected incident also revives concerns about repeated security failures across the sector. Hedera previously faced an exploit in March 2023 that impacted decentralized-exchange liquidity pools following a bug tied to Hedera Token Service transfers. In 2026, other high-profile events have included a $6 million exploit at Summer.fi and a governance attack on BONK DAO that led to $20 million in losses.
For HBAR and the newly launched ETF, the timing is notable. In June 2026, Canary Capital introduced the first U.S. spot HBAR ETF, which debuted with $52.6 million in assets under management. Roughly a month later, the network is now linked to a multimillion-dollar theft. Researchers said the activity appears to involve assets bridged off Hedera rather than a compromise of the network's core consensus mechanism. The use of Tornado Cash to seed the initial wallet may complicate any recovery effort.