Holograph hack leads to $7M loss, HLG token dives 80%
Blockchain security firm Chyvers tracked part of the stolen funds, revealing the hacker's strategy involving USDT, ETH, and privacy protocols.
Holograph, a leading omnichain tokenization platform, experienced a significant smart contract exploit, resulting in the loss of 1 billion HLG tokens valued at approximately $7 million.
Following the incident, the project’s native HLG token dipped by around 80% during the last 24 hours to as low as $0.0029 before slightly recovering to $0.0068 as of press time. The tokens were airdropped to the community in May.
Holograph facilitates token transfers across blockchains while retaining the original contract address. This innovation allowed asset issuers to index cross-chain data effectively. The company secured funding from notable investors, including Animoca Brands and Mechanism Capital.
The hack
The platform confirmed on X that its Holograph Operator Contract had been compromised by a malicious actor, who subsequently minted 1 billion HLG tokens.
While the initial exploit has been patched, Holograph’s team is actively working with exchanges to lock the compromised accounts. It added:
“The team has launched an investigation & is in the process of contacting law enforcement.”
On-chain data indicates that the tokens were valued at around $7 million at the time of the theft.
Blockchain security platform Cyvers reported that some of the stolen tokens were swapped for the USDT stablecoin, which the attacker used to acquire 300 ETH. Subsequently, the hacker distributed the funds to several addresses, including those linked to privacy protocols like Tornado Cash and Railgun.
Despite these movements, on-chain data shows the exploiter’s address still holds about 47.59 ETH, valued at around $167,000 at press time.
Matt Casto, a DeFi researcher at CMT Digital, said the attacker was likely “a rogue dev who funded the address 26 days ago,” adding that the “address was the one who received the minted supply.”
This incident follows the project’s recent ecosystem upgrades. The platform had planned to upgrade to LayerZero V2 to enhance cross-chain security and support new chains like Sei, Blast, Solana, Ton, zkSync, and ZetaChain.