Blockchain tokenization platform Holograph’s native token experienced a significant drop of 79.4% after a malicious actor breached the protocol’s operator contract and created 1 billion HLG tokens valued at $14.4 million.
Holograph’s X account confirmed the breach on June 14 and has since fixed the initial vulnerability. The platform is collaborating with cryptocurrency exchanges to freeze the accounts of the malicious actor. Additionally, Holograph has initiated its own investigation and is in contact with law enforcement authorities.
The hacker exploited a smart contract vulnerability to mint 1 billion HLG tokens in nine transactions, with the first mint occurring on June 13 at 9:47 am UTC. Subsequently, seven transactions were made in batches of 100 million tokens each. The price of HLG plummeted within 10 minutes of the exploit, dropping by 79.4% from $0.014 to a low of $0.0029 over nine hours. The market cap of HLG also decreased from almost $22 million to $4.8 million during this period, as reported by CoinGecko. The token has since recovered slightly to $0.008.
The 1 billion HLG tokens are currently valued at $7.4 million at the current price level. The hacker began converting the fraudulently minted HLG tokens into Tether (USDT) approximately four hours after the initial exploit.
Matt Casto, a cryptocurrency researcher at CMT Digital, speculates that the hacker may have been a “rogue dev” who funded Holograph’s operator contract address 26 days prior. Holograph has not yet disclosed whether it has identified the individual responsible for the breach.
Holograph is part of the Omnichain ecosystem and facilitates the seamless movement of tokens across blockchains while preserving the original contract address. This functionality allows asset issuers to access cross-chain data efficiently. The platform has secured venture capital funding from industry players like Animoca Brands and Mechanism Capital.
According to a recent report by Crystal Intelligence, a total of nearly $19 billion in cryptocurrencies has been stolen since the first reported industry hack in June 2011.