An internal investigation has uncovered that a former discontented contractor was behind the hacking of the blockchain tokenization platform, Holograph.
On June 13, a hacker manipulated the Holograph protocol, creating 1 billion native Holograph (HLG) tokens, valued at $14.4 million. This exploit caused the value of HGL tokens to plummet by nearly 80% in just nine hours, dropping from $0.014 to a low of $0.0029.
Source: Holograph
According to CoinGecko data, HGL experienced a brief, unsustained recovery to $0.0049 before settling at $0.002887 at the time of reporting.
Holograph (HGL) token monthly price chart. Source: CoinGecko
Holograph initiated an internal investigation in collaboration with the blockchain investigation firm Halborn and published a post-mortem on July 2. The report revealed that a “disgruntled former contractor” was involved. This individual used a proxy wallet to mint $14 million worth of HLG tokens. The hacker then sold these tokens to crypto investors on the open market, causing a significant price crash.
The former contractor-turned-hacker had meticulously planned the heist months in advance, leveraging admin access to Holograph Protocol v1 contracts as a backdoor.
Breakdown of the hacker’s activity on Holograph protocol. Source: Halborn
Holograph plans to engage law enforcement in the investigation. After pinpointing the cause, Holograph resumed bridging on the v2 protocol and advised all crypto exchanges to enable HLG deposits and withdrawals. The protocol will also implement a burn plan to reduce the maximum supply of HLG tokens to 10 billion. In response to community concerns about the inflated circulating supply, Holograph has not yet shared plans for recovering the lost funds or details on law enforcement proceedings but promised an update soon.
Related: Crypto hacks down by 54.2% in June, $176M lost in a month
Holograph has adopted a comprehensive resolution, including operational risk controls, to prevent insider attacks.
On June 3, the Bittensor protocol also had to halt its network activity following a series of wallet drains, which resulted in the theft of digital assets worth at least $8 million. The network outage, aimed at containing the exploit, was announced by Bittensor co-founder Ala Shaabana. The unknown address “5FbW” was exploited to obtain 32,000 Bittensor (TAO) tokens, valued at approximately $8 million at the time of writing.
Magazine: Crypto-Sec: Phishing scammer targets Hedera users, address poisoner steals $70K