An internal investigation has discovered that a former contractor, who was dissatisfied, was responsible for hacking the blockchain tokenization platform Holograph.
On June 13, a hacker took advantage of the Holograph protocol and created 1 billion native Holograph (HLG) tokens valued at $14.4 million. As a result, the value of HGL tokens plummeted by almost 80% within nine hours of the breach, dropping from $0.014 to a low of $0.0029.
According to CoinGecko data, HGL briefly attempted to recover to $0.0049 before stabilizing at $0.002887 at the time of writing.
Holograph began an internal investigation with blockchain investigation firm Halborn and released a post-mortem of the incident on July 2, pointing out the involvement of “a disgruntled former contractor.” The contractor reportedly created $14 million of HLG tokens using a proxy wallet.
The hacker then sold the newly created HLG tokens to cryptocurrency investors in the open market, causing its price to plummet.
The former contractor, now a hacker, carefully planned the heist months in advance, knowing that they had admin access to Holograph Protocol v1 contracts, which was later used as a backdoor.
Holograph plans to involve law enforcement in the investigation. After identifying the cause, Holograph resumed bridging on the v2 protocol and advised all cryptocurrency exchanges to allow HLG deposits and withdrawals.
The protocol will implement a burn plan to reduce the maximum supply of the HLG tokens to 10 billion. In response to a community member’s concerns about the inflated circulating supply, Holograph responded that the protocol has not yet shared plans for the lost funds’ recovery and law enforcement proceedings in an upcoming update.
Holograph implemented a comprehensive resolution, including operational risk controls, to prevent insider attacks. On June 3, the Bittensor protocol Bittensor was also forced to halt its network activity following a series of wallet drains that saw at least $8 million worth of digital assets stolen.
The network outage was aimed at containing the exploit and was announced by Bittensor co-founder Ala Shaabana. The unknown address “5FbW” was exploited to obtain 32,000 Bittensor (TAO) tokens worth approximately $8 million at the time of writing.