Holograph protocol sabotaged by disgruntled contractor

An internal investigation revealed that a former disgruntled contractor was responsible for hacking the blockchain tokenization platform Holograph.

On June 13, a hacker exploited the Holograph protocol to mint 1 billion native Holograph (HLG) tokens worth $14.4 million. As a result, the value of HGL tokens dropped by nearly 80% within nine hours of the exploit, from $0.014 to a low of $0.0029.

Source: Holograph

According to CoinGecko data, HGL attempted an unsustained recovery to $0.0049 before stabilizing at $0.002887 at the time of writing.

HGL token monthly price chart. Source: CoinGecko

Holograph began an internal investigation with blockchain investigation firm Halborn and released a post-mortem of the incident on July 2, highlighting the involvement of “a disgruntled former contractor.” According to Holograph, the former contractor minted $14 million of HLG tokens using a proxy wallet.

The hacker then sold the newly minted HLG tokens to crypto investors in the open market, consequently crashing its price.

The former contractor-turned-hacker meticulously planned the heist months in advance, knowing they had admin access to Holograph Protocol v1 contracts, which was later used as a backdoor.

Breakdown of the hacker’s activity on Holograph protocol. Source: Halborn

Holograph intends to involve law enforcement in the investigation. After identifying the cause, Holograph resumed bridging on the v2 protocol and advised all crypto exchanges to allow HLG deposits and withdrawals.

The protocol will implement a burn plan to reduce the maximum supply of the HLG tokens to 10 billion. In response to a community member’s concerns about the inflated circulating supply, Holograph replied:

“Yes, only circulating supply is being burned to return circulating back to original schedule.”

The protocol has not yet shared plans for the lost funds’ recovery and law enforcement proceedings in an upcoming update.

Holograph implemented a comprehensive resolution, including operational risk controls, to prevent insider attacks.

On June 3, Bittensor was also forced to halt its network activity following a series of wallet drains that stole at least $8 million worth of digital assets.

The network outage aiming to contain the exploit was announced by Bittensor co-founder Ala Shaabana:

“By way of an update, we have contained the attack and put the chain into safe mode (blocks producing but no transactions are permitted). We’re still mid-investigation and are considering all possibilities.”

The unknown address “5FbW” was exploited to obtain 32,000 Bittensor (TAO) tokens worth approximately $8 million at the time of writing.

Main, News

Leave a Reply

Your email address will not be published. Required fields are marked *