Skip to main content
Sign in
Heco Bridge1 decision on this page

Audit log

Every state-changing event for Heco Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 20:59:39Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,846,243
    sig
    2oYvBykbrc8z…C31wWWA9explorer ↗
    hash
    G6nwLRGaqLdL…Mwz2DUq9sha256 → base58
    verifying row…full verify ↗
    canonical bytes (6617 B) ▸
    {"actor":"system:backfill","investigation_id":"41ee11e0-4c08-4334-b556-7e1ca99846fd","kind":"publish","page_slug":"heco-bridge","published_at":"2026-05-19T20:59:39.291Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Heco Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.prnewswire.com/news-releases/huobi-announces-early-access-to-huobi-eco-chain-an-ethereum-compatible-public-chain-for-blockchain-developers-301190736.html"},{"credibility":3,"name":"","type":"other","url":"https://pontem.network/posts/a-deep-dive-into-the-heco-chain"},{"credibility":3,"name":"","type":"other","url":"https://coinmarketcap.com/academy/article/52cb9dfd-1370-47cc-a30e-dc3a67bbcd9a"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://rekt.news/heco-htx-rekt"},{"credibility":3,"name":"","type":"other","url":"https://hacken.io/insights/heco-bridge-hack-explained/"},{"credibility":3,"name":"","type":"other","url":"https://immunebytes.com/blog/heco-bridge-exploited-for-over-87m-in-a-suspected-private-key-leak/"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/heco-bridge-exploit"},{"credibility":3,"name":"","type":"other","url":"https://blockworks.co/news/htx-hack-ethereum-crypto-assets"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://hacken.io/insights/heco-bridge-hack-explained/"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/heco-htx-rekt"},{"credibility":3,"name":"","type":"other","url":"https://olympixai.medium.com/heco-bridge-hack-analysis-64cffda76684"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/justin-sun-platforms-hacked-4-times"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2023/11/22/justin-sun-confirms-htx-heco-chain-exploited-after-100m-in-suspicious-transfers"},{"credibility":3,"name":"","type":"other","url":"https://coinpaper.com/2725/another-justin-sun-s-project-is-hacked-over-113-million-lost"},{"credibility":3,"name":"","type":"other","url":"https://www.cnbc.com/2023/11/23/htx-heco-chain-crypto-hack-115-million-stolen-so-far.html"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.elliptic.co/blog/north-korean-hackers-return-to-tornado-cash-despite-sanctions"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2024/03/14/north-korean-hackers-used-tornado-cash-to-launder-12m-from-heco-bridge-hack-elliptic"},{"credibility":3,"name":"","type":"other","url":"https://crypto.news/heco-bridge-tornado-cash-hack/"},{"credibility":3,"name":"","type":"other","url":"https://www.investing.com/news/cryptocurrency-news/justin-sun-pledges-to-reimburse-htx-users-after-866-million-heco-chain-exploit-93CH-3241877"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://blockonomi.com/heco-chain-announces-january-2025-closure-users-urged-to-redeem-assets/"},{"credibility":3,"name":"","type":"other","url":"https://coinmarketcap.com/academy/article/52cb9dfd-1370-47cc-a30e-dc3a67bbcd9a"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/justin-sun-platforms-hacked-4-times"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/heco-bridge-exploit"}]}],"sources_used":[],"summary":"Heco Bridge was the official cross-chain bridge connecting the HECO Chain (HTX Eco Chain) to Ethereum, operated by HTX (formerly Huobi) and associated with Justin Sun. On November 22, 2023, the bridge operator's private key was compromised, resulting in the theft of approximately $86.6 million in crypto assets; combined with a simultaneous HTX hot wallet breach, total losses reached approximately $99 million. Blockchain analytics firm Elliptic attributed the attack to North Korea's Lazarus Group, which subsequently laundered over $100 million of the proceeds through Tornado Cash. The HECO Network was permanently shut down on January 15, 2025.","timeline":[{"date":"2020-12-21","event":"HECO Chain (Huobi Eco Chain) officially launches with a $200 million ecosystem fund; Heco Bridge goes live enabling cross-chain transfers between HECO and Ethereum.","source":""},{"date":"2021-06-01","event":"HECO Chain TVL peaks at approximately $3 billion.","source":""},{"date":"2023-11-10","event":"Poloniex, a Justin Sun-affiliated exchange, is hacked for approximately $120 million in a suspected private key compromise attributed to Lazarus Group.","source":""},{"date":"2023-11-22","event":"Heco Bridge operator private key is compromised; approximately $86.6 million in USDT, ETH, HBTC, SHIB, and other tokens drained to attacker address 0xfc146d1caf6ba1d1ce6dcb5b35dcbf895f50b0c4. Simultaneously, HTX hot wallets lose approximately $12.5 million.","source":""},{"date":"2023-11-22","event":"Justin Sun confirms the exploit on social media, pledges full compensation for HTX hot wallet losses, and offers a 5% white-hat bounty to the attacker.","source":""},{"date":"2023-11-22","event":"CertiK, Hacken, and ImmuneBytes publish post-mortem analyses attributing the attack to a private key compromise of the bridge operator account.","source":""},{"date":"2023-11-23","event":"CNBC reports combined HTX/HECO losses have reached approximately $115 million; services remain suspended.","source":""},{"date":"2024-03-13","event":"Stolen funds begin moving for the first time since the November 2023 attack; Lazarus Group routes ETH through Tornado Cash mixer with over 40 transactions in the first two days.","source":""},{"date":"2024-03-14","event":"Elliptic publishes analysis attributing the Heco Bridge and HTX hack to North Korea's Lazarus Group; reports over $100 million laundered through Tornado Cash.","source":""},{"date":"2024-03-22","event":"The Block and Crypto.news report that Heco Bridge exploiters have laundered over $145 million via Tornado Cash within approximately eight days.","source":""},{"date":"2024-11-20","event":"HTX announces scheduled permanent shutdown of the HECO Network effective January 15, 2025; users urged to redeem HRC20 assets before January 10, 2025.","source":""},{"date":"2025-01-15","event":"HECO Network officially ceases all operations. Heco Bridge is permanently defunct.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 15bc5971-7d60-434b-ae32-c6ac09dbe28c
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.