HTX hacker returned the money! Replies in strange English, obediently takes the bug bounty
In late September, the HTX exchange was hacked for 4,999 ETH. Justin Sun stated that he accepted the "small loss" of nearly 8 million Euros and was willing to fully compensate. As of October 7th, data analysis account Lookonchain observed that the hacker had returned the 4,999 ETH and was even willing to claim the bug bounty.
HTX Global Hacker just returned the stolen funds of 4,999 $ETH ($8.2M). @justinsuntron https://t.co/fIxrm01a4z https://t.co/gHM0Yjqlqs pic.twitter.com/zX1mdDsRpi
— Lookonchain (@lookonchain) October 7, 2023
Hacker Leaves Response in Broken English, Returns Bug Bounty
The hacker incident was suspicious from the start, with HTX receiving early warnings but not disclosing the information to users immediately. They only communicated with the hacker through blockchain messages, offering to fully compensate for the losses.
At the time, HTX left a message: "We have confirmed your real identity. Please return the funds to 0x18709E89BD403F470088aBDAcEbE86CC60dda12e. We will provide you with a 5% white hat bonus. This offer is valid for 7 days, until October 2, 2023. If you do not return the funds by the deadline, we will seek legal intervention."
After the deadline set by HTX passed, HTX did not announce any information regarding legal intervention; however, the hacker returned the money voluntarily, without even claiming the 5% white hat bonus.
The hacker left a strange English message for the bounty: "Received your message. white hat bonus to 0x1Fc8674A51D6b97C968BE384337519CE7003152B. your system hot wallet private key leak, you should change system hot wallet address and reduce the system hot wallet rate."
In this message, phrases like "your system hot wallet private key leak," "system hot wallet address," and "system hot wallet rate" string multiple nouns together without the articles that natural English would use. It is unclear whether this was intentional obfuscation or the work of a non-native English speaker.
HTX Awards $410,000 Bounty
HTX gave the hacker 250 ETH and informed them that they made the right decision, providing an email address for the hacker to submit a vulnerability analysis report to help prevent similar incidents from occurring.
Update: HTX/Huobi just sent them a whitehat bounty of 250 ETH ($410K) along with this message
0x481cc79ee51b417ecfbdcfaa21cefd5b91bc8c2bc6d98a7065a3fb47e5849db3 pic.twitter.com/TeddYYukuH
— ZachXBT (@zachxbt) October 7, 2023