On June 13, 2024, Holograph, a blockchain tokenization protocol, encountered a critical smart contract exploit. An unauthorized actor minted 1 billion additional HLG (Holograph) tokens, incurring more than a 60% drop in token value in a duration of ten minutes. The incident had in fact resulted in a severe loss of investor confidence by the time Holograph’s team confirmed it in a statement on X.
The Holograph protocol allows the use of a single contract address across all EVM blockchains, enabling consistent tokenization, interoperability, and the transferring of assets cross-chain.
At 09:45 AM UTC: The exploiter executes the initial exploit transaction, minting a large quantity of unauthorized HLG tokens. At 10:00 AM UTC: The HLG token price begins a sharp decline as investors become aware of the exploit.
Throughout the day, the Holograph team identifies the exploit, patches the vulnerability, and collaborates with exchanges to freeze the attacker’s accounts.
Our examination of blockchain data using QLUE reveals the precise flow of funds during the exploit. The attacker quickly converted part of the stolen tokens for USDT using popular cryptocurrency exchanges and later converted the USDT to Ethereum.
Following the USDT conversion, the exploiter has acquired 373.27 ETH. They sent 100 ETH to each of three new addresses, for a total of 300 ETH. 25.6 ETH was transmitted to a different address, after which 1 Ethereum went to Tornado Cash and the other 23.96 ETH reached Railgun.
This exploiter left 0.5 ETH unspent in the last proceeds address and an approximate total of 47.6 ETH unspent in the initial consolidation address.
Below are the QLUE graphs that illustrate these transactions and the subsequent movement of funds.
The scam drove Holograph into a financial crisis. Ten minutes after the illegal minting, the market value of HLG tokens fell from about $22 million to less than $10 million, a startling loss of over $12 million. Because the attack raised questions about Holograph’s security protocols, investor trust in the platform was seriously damaged. Worse, the attacker’s quick transfer of a significant amount of HLG tokens to Tether (USDT) further unstabled the HLG market and raised price volatility.
In response to the incident, Holograph moved quickly in a number of directions. The group claimed to have found and fixed the smart contract’s vulnerability. They next worked with cryptocurrency exchanges to freeze the accounts connected to the attacker’s wallet, in an attempt to stop their capacity to influence the market. Holograph started a thorough investigation involving law enforcement in order to find the exploiters.
Lastly, in an effort to regain the confidence of its consumers, Holograph disclosed a compensation plan designed to lessen the financial damages incurred by individuals impacted by the exploit.
Holograph exploit only sets a reminder of a rising trend: Attacks on DeFi are a major and ongoing threat. DEX Velocore experienced a security breach on June 2nd, 2024, resulting in financial losses approximating $6.8 million in ETH. UwU Lend, an Ethereum-based lending and liquidity protocol, experienced two exploits in the past week. On June 13, UwU Lend was hacked, resulting in a loss of $3.72 million.
Whether such malicious operations are facilitated by insider jobs or a result of weak security measures by the service providers, law enforcement are expected to up their game to combat this malice.
Here’s when QLUE becomes an indispensable tool for law enforcement:
Investigators are able to trace and analyze bitcoin transactions with the help of QLUE, a robust tool for blockchain analytics investigations. Regarding DeFi exploits such as these, QLUE can play a crucial role in:
Book a free demo and start using QLUE in cryptocurrency investigation.
Written By: Omar Marzouk
Writer, Content marketing at Blockchain Intelligence Group
Investigate, track and trace illicit and legitimate money flows on the blockchain.
Get insights from recent crypto investigations, industry news and educational material.
Follow our latest announcements and press releases.
Stay up to date with the latest news on our company.
Essential blockchain technology and cryptocurrency key terms to fuel your investigations.