Hedera allegedly suffered an attack: 3.7 million cross-chain went missing.

CN
3 hours ago

Around July 11, Hedera Network, a distributed ledger platform based on the hashgraph consensus mechanism, drew the attention of on-chain analyst Specter: an anomalous cross-chain operation was detected, originating from the suspected attacker address 0x9A4966152F6e10b, where assets exceeding 3.7 million dollars were transferred from Hedera to the Ethereum network via the LayerZero cross-chain bridge. Some of the assets appeared in the form of WBTC during the cross-chain transfer and were quickly exchanged for ETH once they landed on Ethereum, resembling the asset transfer and initial laundering methods seen in past hacker incidents. Since Hedera had previously faced multiple security incidents related to smart contracts or cross-chain issues, this transfer and exchange behavior was interpreted by the community as a “suspected hacker attack” in a short time frame. As of that day, neither the Hedera team nor LayerZero provided formal technical explanations. In the absence of authoritative qualifications, the security of the cross-chain bridge and the overall trust in the Hedera ecosystem were placed under scrutiny, becoming the first two pillars shaken by this latest security incident.

3.7 Million Escaped from Hashgraph: Initial Restoration of Attack Path

According to AiCoin data, around July 11, 2026, a large, unidentified asset initiated a cross-chain request from the Hedera Network based on hashgraph consensus, with the cross-chain protocol pointing to LayerZero. On-chain analyst Specter marked the Ethereum address 0x9A4966152F6e10b as a suspected attacker, which received over 3.7 million dollars in assets after triggering the cross-chain message on the Hedera side. When the funds landed on Ethereum, they were minted into WBTC and then immediately exchanged for ETH by this address, representing a typical “fast cross-chain—immediate exchange” abnormal path.

From a purely on-chain perspective, we can only confirm that the funds transitioned from the Hedera hashgraph ledger to Ethereum via LayerZero, then centralized into more liquid ETH. However, we cannot determine whether this was due to a vulnerability in the cross-chain bridge itself, a compromised configuration environment, or related private keys being leaked based solely on the transaction records. Technical details have not yet been disclosed, and neither Hedera nor LayerZero has provided any retrospective explanation. In the absence of underlying reasons, the true attack method remains undecided, and all assumptions currently revolve around limited on-chain evidence, resulting in an open hypothesis.

Old Wounds Not Yet Healed, Again the Shadow of Hackers: Trust in Hedera Under Pressure

For seasoned participants, this shadow of hacking is not an isolated incident. Public information shows that prior to this, Hedera had already suffered security incidents due to smart contract vulnerabilities or cross-chain bridge issues. Although specific details are omitted here, the label of “past incidents” has already been etched in the minds of many developers and users. Now, on-chain analyst Specter has again identified the address 0x9A4966152F6e10b on the Hedera network, moving over 3.7 million dollars in assets to Ethereum through LayerZero, with WBTC subsequently exchanged for ETH. Such behavior, resembling asset paths observed in previous attack handling, will naturally be interpreted as old wounds reopening in the absence of official explanations.

In the context of repeated records of security incidents, the trust in the Hedera ecosystem is more reflected in the real issue of “whether there is still a willingness to continue deep binding.” A distributed ledger platform aimed at enterprises and institutions is fundamentally supported by “reliable and predictable” relationships to sustain brand and partnership trust. Once a crack appears in the sense of security, developers may hesitate more in selecting new projects. Existing applications might evaluate the reliance on key contracts and cross-chain bridges, and some institutional partners may enter a wait-and-see mode, pausing expansion or delaying launch rhythms. As of July 11, 2026, the Hedera team has yet to release a formal technical retrospective or risk warning. The outside world can only conjecture based on on-chain behavior and historical impressions of past security incidents to assess how much this impact has weakened public long-term trust in Hedera.

LayerZero in the Spotlight: Cross-Chain Security Under Scrutiny Again

In this alleged attack narrative, the camera inevitably shifts toward LayerZero, responsible for the “transportation” of assets. This interoperability layer is designed to transmit messages and assets across multiple public chains; in essence, it is a cross-chain communication foundation: the cross-chain transfer of over 3.7 million dollars from Hedera to Ethereum was completed through the bridge connected by LayerZero. After WBTC reached Ethereum, it was exchanged for ETH, forming the clearest segment of fund flow on-chain at present. Hence, questions surrounding LayerZero quickly arose—not because it suddenly appeared in the news but because it happened to be at a structural pressure point for all cross-chain risks.

From a technical framework perspective, LayerZero's security heavily relies on the correct configuration and reliability of relayers and oracles: relayers are responsible for passing message proofs, while oracles provide cross-chain state perspectives. If a configuration oversight or failure in trust assumptions occurs between the two, it could unexpectedly open a channel across multiple chains. This incident clearly involves cross-chain actions from Hedera to Ethereum completed through LayerZero, compounded by the existing understanding that “bridge modules have historically been heavy attack zones,” leading the market to naturally point the finger at the overall security of the cross-chain bridge rather than compressing the issue into an isolated incident of a single project. However, as of July 11, 2026, the attack vector remains undisclosed, with no evidence suggesting a vulnerability in the LayerZero protocol itself. What has truly been spotlighted is whether its security configuration at the relayer and oracle levels can withstand ongoing scrutiny.

WBTC Exchanged for ETH: A Familiar Money Laundering Script Replayed

Upon arriving at Ethereum, cross-chain funds quickly appeared in the form of WBTC, which was then exchanged for ETH on-chain. This path has already been a familiar script in past security incidents. Hackers typically do not wish to hold "original form" assets for long, preferring to convert them to ETH or other mainstream tokens as soon as possible. On one hand, this unifies their chips and reduces their identification; on the other hand, it allows them to utilize more mature trading and lending tools, creating space for subsequent fund splitting and turnover.

The preference for processing ill-gotten gains on Ethereum is also intuitive: it boasts a massive DeFi and application ecosystem, with tools for token exchanges, collateralized lending, derivatives contracts, and more, providing rich options for concealing or dispersing assets. However, according to current on-chain records and public information, it can only be confirmed that WBTC has been exchanged for ETH, and there is currently no reliable evidence to indicate whether the funds have entered mixing services or centralized exchanges for cashing out. The ultimate fate of the funds remains undisclosed and pending continuous tracking.

Can Cross-Chain Bridges Be Trusted Again: Signals to Watch Closely Going Forward

From the distributed ledger based on hashgraph consensus in Hedera, to sending assets to Ethereum via LayerZero, and to the involved address completing the exchange from WBTC to ETH on-chain, this alleged attack has exposed every weak link in the cross-chain path to public scrutiny. The security of cross-chain bridges has long been a hidden concern in the industry, and Hedera's past records of security incidents combined with this latest cross-chain missing of over 3.7 million dollars will only further weaken user intuitive trust in the narrative of “interoperability” within public chain ecosystems. What truly deserves close monitoring are several specific signals: first, whether Hedera and LayerZero will subsequently release a complete technical investigation report, clarifying whether this was due to cross-chain configuration flaws, smart contract issues, or private key failures, and providing clear accountability and remediation paths; second, whether notable adjustments will appear on the configuration level of the cross-chain bridge, such as changes to relayers and oracle sets or throttling or pausing of cross-Hedera channels, which will directly reflect the team's risk assessment; third, the subsequent movements of the address 0x9A4966152F6e10b and its associated addresses on Hedera and Ethereum—whether they continue to split, collateralize, or attempt to exit—will serve as the most intuitive on-chain window for the outside world to gauge the progression of the event. For users and developers alike, this incident serves as a reminder that when selecting cross-chain bridges and new interoperability protocols, audit quality, historical incident records, and risk control designs cannot rely solely on promotional materials but must be cross-verified with actual on-chain behavior. At the same time, it must also be acknowledged that as of July 11, 2026, no detailed technical retrospectives have been provided officially, and all interpretations can only remain cautiously assumed. Until thorough disclosure is achieved, cross-chain bridges should be regarded as infrastructure that requires constant calibration and dynamic risk assessment, rather than as black boxes where assets can be unconditionally entrusted.

Join our community, let's discuss and grow stronger together!
AiCoin Exclusive Hyperliquid Benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin Exclusive Aster Benefits: https://www.asterdex.com/zh-CN/referral/9C50e2
On-Chain Telegram Community: https://t.me/AiCoinWhaleData
On-Chain Community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin On-Chain Twitter: https://x.com/aicoinwhaledata

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To
APP

X

Telegram

Facebook

Reddit

CopyLink