Hedera Exploit Surpasses $5 Million as Funds Bridged to Ethereum
Hedera Exploit Exceeds $5 Million – Attacker Bridges Funds to Ethereum as 2026 Hack Tally Grows
Key Takeaways
- Hedera has reportedly suffered an exploit with losses exceeding $5 million.
- The attacker bridged stolen assets from Hedera to Ethereum using LayerZero.
- Funds were swapped from Wrapped Bitcoin into ETH and partially tracked on-chain.
- Security firm PeckShield estimates about $5.25 million was bridged to Ethereum.
- The incident adds to more than $28 million in crypto platform losses recorded in July.
Exploit Reported on Hedera With Losses Climbing Above $5 Million
Hedera has reportedly been hit by an exploit that has resulted in losses of more than $5 million. The incident was first flagged by blockchain researcher Specter on Saturday, who identified suspicious fund movements linked to the network.
According to on-chain tracking data referenced in the report, the value of the stolen assets increased steadily as monitoring continued. Initial estimates placed the figure at approximately $3.7 million. The total then rose above $4 million before surpassing $5 million.
As of the latest updates cited, security firm PeckShield estimated that about $5.25 million had been bridged from Hedera to Ethereum. The funds were traced to a wallet holding roughly 2.36K ETH, valued at $4.25 million, and 15.58 Wrapped Bitcoin, valued at around $1 million.
Hedera had not issued a public statement regarding the incident at the time of reporting.
Stolen Assets Bridged to Ethereum Using LayerZero
Details shared by Specter indicate that the attacker moved funds from Hedera to Ethereum using LayerZero, a cross chain interoperability protocol. The bridging process enabled the transfer of assets out of the Hedera ecosystem.
Once on Ethereum, the stolen holdings were swapped from Wrapped Bitcoin into ETH. This conversion consolidated part of the assets into Ethereum’s native cryptocurrency, which can offer deeper liquidity and broader integration across decentralized platforms.
PeckShield reported that the attacker’s wallet had originally been funded with 1 ETH routed through Tornado Cash. Tornado Cash is a mixing tool designed to obscure the origin of funds by breaking the on-chain link between source and destination addresses. The use of such a tool can complicate attribution efforts in blockchain investigations.
Two wallet addresses associated with the theft were outlined by Specter:
0x9A4966152F6e10b33Cb7a37975e8619816d6a494
0xaf20D792A19fD42dCf697ceBa6100291D96dD93e
On-chain trackers continued to monitor these wallets as the total value connected to the exploit climbed.
July Sees Multiple Crypto Platform Hacks
The Hedera exploit adds to a series of security incidents reported in July. According to data cited from DefiLlama, three hacks targeting crypto platforms occurred during the month, resulting in combined losses exceeding $28 million.
Among these incidents was a $6 million exploit affecting the DeFi protocol Summer.fi. In a separate case, a governance attack targeting BONK DAO led to losses of $20 million.
Together with the reported Hedera exploit, these events contribute to a month marked by repeated security breaches across different segments of the crypto ecosystem, including decentralized finance protocols and governance systems.
Security Incidents Rise in First Half of 2026
The recent incidents align with a broader trend observed earlier in the year. A report from SlowMist found that security incidents increased by roughly 50% in the first half of 2026 compared with the previous period.
Despite the rise in the number of incidents, total losses declined over the same timeframe, according to the SlowMist findings cited. This indicates that while attacks have become more frequent, their financial scale has not necessarily grown in parallel.
The Hedera exploit therefore forms part of a wider pattern in which blockchain networks and decentralized protocols continue to face operational and security risks. For users and platforms interacting with cross chain bridges and DeFi systems, such events highlight the ongoing exposure to technical vulnerabilities and exploit strategies.
Our Assessment
Based on the reported data, Hedera has experienced an exploit in which more than $5 million in assets were moved off the network and bridged to Ethereum using LayerZero. On-chain tracking and analysis by Specter and PeckShield indicate that the attacker converted part of the stolen funds into ETH and that the wallet was initially funded through Tornado Cash.
The incident adds to more than $28 million in crypto platform losses recorded in July and follows a first half of 2026 in which security incidents rose by about 50%, according to SlowMist. Hedera had not issued a public statement at the time of reporting. The case illustrates the continued operational and security challenges facing blockchain networks and cross chain infrastructure in 2026.
