H token exploit traced to compromised developer machine amid OTC scrutiny

The team behind the exploited H token says a malware-infected developer machine led to the compromise of seven private keys, allowing an attacker to seize control of bridge infrastructure and trigger one of the largest token incidents of the month.
According to the project’s post-mortem report, the attacker drained 141 million H tokens on Ethereum and minted another 300 million H tokens on BNB Chain after taking control of administrative bridge permissions.
The report stressed that there was no vulnerability in the bridge contracts, the token contracts, or the multisig structure itself.
“There was no bug in the bridge, the token, or the Safe,” the team wrote.
Instead, the exploit was traced to a compromised developer machine where several production private keys had reportedly been backed up.
Attacker gained administrative bridge control
The report says the attacker first compromised an externally owned account tied to bridge administration before taking ownership of the protocol’s ProxyAdmin contracts.
That allowed the exploiter to:
- upgrade bridge implementations,
- drain liquidity on Ethereum,
- and mint large amounts of H tokens on BNB Chain.
The team said the BNB Chain side of the token supply is now considered “unrecoverable” because the attacker still controls key bridge permissions tied to the compromised infrastructure.
The incident effectively turned a private key compromise into a full bridge administration takeover.
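As an added illustration (not taken from the H team's report): because the attacker acted through the admin plane, the on-chain signal is the admin events themselves. This sketch scans raw EVM logs for a ProxyAdmin ownership transfer or a proxy upgrade outside an allowlist. It assumes OpenZeppelin-style `OwnershipTransferred` and `Upgraded` events, and every address and transaction id in it is constructed.

```python
# Added example: flag admin-plane changes on bridge proxies from raw EVM logs.
# topic0 of OwnershipTransferred(address,address) and Upgraded(address).
OWNERSHIP_TRANSFERRED = "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0"
UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def scan_logs(logs, proxy_admins, proxies, approved_owners, approved_impls):
    """Return alerts for owner changes or upgrades that were not pre-approved."""
    alerts = []
    for log in logs:
        topics = log["topics"]
        if not topics:  # anonymous event: no signature topic to match on
            continue
        emitter = log["address"].lower()
        if topics[0] == OWNERSHIP_TRANSFERRED and emitter in proxy_admins and len(topics) >= 3:
            new_owner = topic_to_address(topics[2])
            if new_owner not in approved_owners:
                alerts.append(("PROXYADMIN_OWNER_CHANGED", emitter, new_owner, log["tx"]))
        elif topics[0] == UPGRADED and emitter in proxies and len(topics) >= 2:
            impl = topic_to_address(topics[1])
            if impl not in approved_impls:
                alerts.append(("UNAPPROVED_UPGRADE", emitter, impl, log["tx"]))
    return alerts

def _addr(n):
    return "0x" + format(n, "040x")      # constructed 20-byte address

def _topic(address):
    return "0x" + address[2:].rjust(64, "0")  # address as a 32-byte indexed topic

PROXY_ADMIN, BRIDGE_PROXY, UNWATCHED = _addr(0xA1), _addr(0xB1), _addr(0xC1)
APPROVED_OWNER, IMPL_V1, IMPL_V2 = _addr(0xD1), _addr(0xE1), _addr(0xE2)
UNKNOWN_EOA, UNKNOWN_IMPL = _addr(0xF1), _addr(0xF2)

SAMPLE_LOGS = [  # constructed: approved upgrade, unwatched contract, then two admin-plane changes
    {"address": BRIDGE_PROXY, "topics": [UPGRADED, _topic(IMPL_V2)], "tx": "0xtx1"},
    {"address": UNWATCHED, "topics": [OWNERSHIP_TRANSFERRED, _topic(APPROVED_OWNER), _topic(UNKNOWN_EOA)], "tx": "0xtx2"},
    {"address": PROXY_ADMIN, "topics": [OWNERSHIP_TRANSFERRED, _topic(APPROVED_OWNER), _topic(UNKNOWN_EOA)], "tx": "0xtx3"},
    {"address": BRIDGE_PROXY, "topics": [UPGRADED, _topic(UNKNOWN_IMPL)], "tx": "0xtx4"},
]

def run_sample():
    return scan_logs(SAMPLE_LOGS, {PROXY_ADMIN}, {BRIDGE_PROXY}, {APPROVED_OWNER}, {IMPL_V1, IMPL_V2})

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The allowlists have to be maintained out of band from the signing keys. If they are not, whoever holds a compromised key can approve their own change.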
Report points to operational security failure
Unlike many DeFi exploits involving smart contract bugs or protocol logic flaws, the H incident appears to be primarily tied to operational security failures.
The report says a single malware-infected machine exposed seven production keys tied to bridge and administrative systems.
That compromise allowed the attacker to operate with legitimate permissions rather than bypassing protocol security mechanisms directly.
The exploit adds to growing industry concerns that decentralized infrastructure can still fail catastrophically when private key management and endpoint security remain centralized.
Exploit triggered wider scrutiny online
The incident also sparked broader discussion across Crypto Twitter. On-chain investigator ZachXBT questioned the project’s market-making and OTC activity before later clarifying that the exploit itself appeared unrelated.
In a series of posts, ZachXBT initially raised concerns about active market-making agreements and token promotion activity surrounding the project.
However, he later said further analysis suggested the “private key compromise” and “sketchy MM / OTC” activity appeared “independent of each other and not related.”
The comments reflected broader skepticism in the market as traders sought to determine whether the exploit stemmed from insider activity or a genuine infrastructure compromise.
Final Summary
- The H token exploit was traced to a malware-infected developer machine that exposed seven private keys used for bridge administration.
- ZachXBT later clarified that separate concerns about market-making and OTC activity were not directly linked to the private key compromise.





