$5.25 million stolen in suspected Hedera network exploit as funds move to Ethereum

$5.25 million stolen in suspected Hedera network exploit as funds move to Ethereum

An attacker bridged millions in digital assets from Hedera to Ethereum using LayerZero, then laundered proceeds through Tornado Cash

Someone just walked off with $5.25 million from the Hedera network, and they didn’t exactly try to be subtle about it. Blockchain security firms PeckShield and Specter flagged the suspicious activity on July 11, tracking a trail of funds that moved from Hedera’s mainnet to Ethereum through a cross-chain bridge powered by LayerZero technology.

The timing is particularly awkward for Hedera. Just weeks after the network celebrated the launch of the first US spot HBAR ETF, it’s now dealing with a significant security incident.

How the exploit unfolded

The attacker funded an Ethereum wallet with 1 ETH routed through Tornado Cash, the privacy mixing service. From there, the attacker bridged assets from Hedera to Ethereum using LayerZero’s cross-chain infrastructure. Once the funds landed on Ethereum, the attacker swapped Wrapped Bitcoin for Ether, consolidating the stolen haul into more liquid assets.

Advertisement

At the time security researchers flagged the incident, the attacker’s Ethereum wallet held approximately 2,360 ETH, valued at about $4.25 million, along with 15.58 WBTC worth roughly $1 million. The wallet addresses involved have been identified as 0x9A4966152F6e10b33Cb7a37975e8619816d6a494 and 0xaf20D792A19fD42dCf697ceBa6100291D96dD93e.

Hedera itself has not confirmed the exploit. On-chain investigators are still picking through the transaction data to determine exactly what vulnerability was exploited and how the attacker gained access to the funds in the first place.

A pattern that should worry everyone

This isn’t Hedera’s first brush with a security breach. Back in March 2023, the network experienced an exploit that affected decentralized exchange liquidity pools through a bug in Hedera Token Service transfers.

The 2026 landscape has been particularly brutal. A $6 million exploit hit Summer.fi, and a governance attack on BONK DAO resulted in $20 million in losses. The suspected Hedera incident slots neatly into this growing catalog of multi-million-dollar security failures.

What this means for HBAR and its new ETF

In June 2026, Canary Capital launched the first US spot HBAR ETF, which debuted with $52.6 million in assets under management. Now, barely a month later, the network is associated with a multi-million-dollar theft.

The exploit appears to involve assets bridged off the Hedera network rather than a compromise of the network’s core consensus mechanism. The use of Tornado Cash to fund the initial wallet suggests the attacker was prepared for scrutiny, which typically makes fund recovery significantly more difficult.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

$5.25 million stolen in suspected Hedera network exploit as funds move to Ethereum

$5.25 million stolen in suspected Hedera network exploit as funds move to Ethereum

An attacker bridged millions in digital assets from Hedera to Ethereum using LayerZero, then laundered proceeds through Tornado Cash

Someone just walked off with $5.25 million from the Hedera network, and they didn’t exactly try to be subtle about it. Blockchain security firms PeckShield and Specter flagged the suspicious activity on July 11, tracking a trail of funds that moved from Hedera’s mainnet to Ethereum through a cross-chain bridge powered by LayerZero technology.

The timing is particularly awkward for Hedera. Just weeks after the network celebrated the launch of the first US spot HBAR ETF, it’s now dealing with a significant security incident.

How the exploit unfolded

The attacker funded an Ethereum wallet with 1 ETH routed through Tornado Cash, the privacy mixing service. From there, the attacker bridged assets from Hedera to Ethereum using LayerZero’s cross-chain infrastructure. Once the funds landed on Ethereum, the attacker swapped Wrapped Bitcoin for Ether, consolidating the stolen haul into more liquid assets.

Advertisement

At the time security researchers flagged the incident, the attacker’s Ethereum wallet held approximately 2,360 ETH, valued at about $4.25 million, along with 15.58 WBTC worth roughly $1 million. The wallet addresses involved have been identified as 0x9A4966152F6e10b33Cb7a37975e8619816d6a494 and 0xaf20D792A19fD42dCf697ceBa6100291D96dD93e.

Hedera itself has not confirmed the exploit. On-chain investigators are still picking through the transaction data to determine exactly what vulnerability was exploited and how the attacker gained access to the funds in the first place.

A pattern that should worry everyone

This isn’t Hedera’s first brush with a security breach. Back in March 2023, the network experienced an exploit that affected decentralized exchange liquidity pools through a bug in Hedera Token Service transfers.

The 2026 landscape has been particularly brutal. A $6 million exploit hit Summer.fi, and a governance attack on BONK DAO resulted in $20 million in losses. The suspected Hedera incident slots neatly into this growing catalog of multi-million-dollar security failures.

What this means for HBAR and its new ETF

In June 2026, Canary Capital launched the first US spot HBAR ETF, which debuted with $52.6 million in assets under management. Now, barely a month later, the network is associated with a multi-million-dollar theft.

The exploit appears to involve assets bridged off the Hedera network rather than a compromise of the network’s core consensus mechanism. The use of Tornado Cash to fund the initial wallet suggests the attacker was prepared for scrutiny, which typically makes fund recovery significantly more difficult.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.