Holograph, a blockchain tokenization platform, announced on July 2 the successful completion of the post-mortem report for the security breach that occurred on June 13.
Holograph disclosed that the internal investigation found a former disgruntled contractor responsible for hacking the platform. In collaboration with Halborn Security, the detailed report provides a comprehensive overview of the incident and the measures taken to prevent future occurrences.
Holograph Hack Post-Mortem Report Released
On June 13, the hacker exploited Hologram, minted 1 billion HLG tokens, and absconded with the tokens worth approximately $14.4 million. Holograph’s team swiftly responded, posting on social media platform X,
According to data from Etherscan, the exploiters began draining the tokens on June 13 at 9:47 am UTC through nine transactions. On-chain data revealed that the ENS wallet acc01ade.eth was involved in the hack. Additionally, evidence from GitHub suggests that the attackers were contributors to the protocol, having made 113 contributions to Holograph last year.
Minutes after the breach, Holograph Protocol’s native token, HLG, saw its price drop dramatically. Data from CoinGecko showed the token’s value falling from $0.014 to a low of $0.0029, a 79.4% decrease.
Although HLG recovered slightly to $0.008 before an unsustained recovery to $0.0049, it is currently trading at $0.002887. Additionally, Etherscan showed that the exploiter converted the stolen HLG tokens into USDT four hours after the exploit.
Following the attack, Holograph initiated an internal investigation in collaboration with blockchain investigation firm Halborn. On July 2, Holograph released a post-mortem of the hack, tracing a disgruntled former contractor’s breach to unauthorized admin access to a proxy wallet.
The contractor minted approximately $14 million worth of new HLG tokens and sold them on the open market, causing a dramatic price crash. The former contractor meticulously planned the heist for months, leveraging their admin access to Holograph Protocol v1 contracts, which served as a backdoor.
Working closely with Halborn Security, Holograph identified the root cause of the exploit and has since implemented operational risk controls to prevent such incidents from reoccurring.
“We have taken immediate and decisive action to address the vulnerabilities and have put in place stringent measures to safeguard our protocol and community moving forward,” a spokesperson for Holograph stated.
Holograph Re-enables Bridging, Plans to Involve Law Enforcement in Investigation Following Incident
Following the report, Holograph plans to involve law enforcement in the ongoing investigation.
Having identified the cause, Holograph has re-enabled bridging on Holograph Protocol V2 and informed centralized exchanges Bybit, Gate, KuCoin, Bitget, and Backpack that it is now safe to re-open HLG deposits and withdrawals.
Additionally, the HLG Burn Plan is nearing completion, and it seeks to restore the maximum supply of HLG to 10 billion.
In response to community concerns about the inflated circulating supply, Holograph confirmed that only the circulating supply would be burned to return it to the original schedule.
The protocol has yet to share plans for recovering the lost funds and the law enforcement proceedings in an upcoming update.
Holograph assured stakeholders that further updates on asset recovery and law enforcement proceedings will be provided as they become available.