Hedera Probes Reported $5M+ Exploit as Stolen Assets Are Bridged to Ethereum
AI Market Summary
Hedera is investigating a reported exploit that drained $5M+ and was partially bridged to Ethereum via LayerZero, with indications the issue may stem from a Hedera-based DeFi protocol and oracle manipulation rather than the core network. Lack of official disclosure raises near-term uncertainty around ecosystem security and DeFi risk controls. HBAR has weakened over the past 24 hours as the incident circulates.
Impact level
● Medium
Affected assets
HBAR/USDT-1.18%
AI Insight · HBAR/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
Hedera is investigating a suspected exploit that has drained more than $5 million in crypto assets, with onchain traces indicating the attacker has already moved part of the haul to Ethereum.
The incident was first highlighted on X by pseudonymous investigator Specter, who said the attacker bridged funds from Hedera to Ethereum. Later onchain observations suggested total losses may have climbed past $6 million.
Early indications point to a decentralized finance (DeFi) application built on Hedera, rather than a direct breach of the Hedera network itself.
Onchain security firm PeckShield corroborated the activity, reporting that the attacker appears to have swapped WBTC for ETH while bridging via LayerZero. PeckShield also said the wallet was initially funded with 1 ETH from Tornado Cash. The attacker is reported to hold more than 2,360 ETH and 15.58 WBTC.
Neither Hedera nor any affected protocol has provided an official, detailed disclosure, leaving the attack vector and the impacted application unconfirmed. Market speculation has centered on Bonzo Finance, a DeFi protocol on Hedera.
Bonzo Finance said it paused "Bonzo Lend" following an incident in which an actor borrowed more assets than their collateral allowed. The protocol alleged price manipulation of the SAUCE token against HBAR through a third-party oracle contract, exploiting the oracle's verification process. The reported loss from that incident was approximately $10.06 million, including $1 million borrowed by a white hat who used the exploit to safeguard funds.
HBAR has fallen sharply over the past day, down nearly 6% in the last 24 hours to around $0.067. It remains unclear how much of the move is directly attributable to the exploit reports.
The Hedera episode adds to a growing list of 2026 crypto exploits. In July, BONK DAO reportedly suffered a $20 million governance attack, and DeFi protocol Summer.fi was hit for about $6 million.
Even as incidents rise, aggregate losses have declined. TRM Labs counted 207 hacks in the first half of 2026, the most for any six-month period on record. Total losses during that window were $972 million, well below the $2.3 billion stolen in the first half of 2025. TRM Labs attributed much of the 2026 losses to two events, the Drift Protocol and KelpDAO attacks, which together accounted for $577 million.
Smart contract exploits represented 125 of the hacks, underscoring the growing prevalence of smaller-scale attacks. Average losses per hack are now about $219,000, a trend experts link to the proliferation of thousands of DeFi protocols, smart contracts, and token projects that expand the vulnerability surface for attackers.