Hedera Network Suspected of Being Hacked! $3.7 Million WBTC Bridged via LayerZero to Ethereum

On July 11, on-chain detective Specter issued a warning that the Hedera Network may have been attacked by hackers. The attacker used the cross-chain protocol LayerZero to move more than $3.7 million in funds from Hedera to Ethereum; the stolen funds are currently being swapped from WBTC into ETH. As of the time of writing, Hedera’s official team has not yet confirmed this matter.
(Background: FedEx joins the Hedera Council! The logistics giant moves into the blockchain supply chain, and HBAR is up more than 7%)
(Additional background: Justin Sun’s WBTC partnership controversy》BitGo steps in to clarify, and the founder sends a “soul-searching” letter with five questions)

Key Summary

  • On-chain detective Specter monitors that on July 11, the Hedera Network was allegedly attacked, and more than $3.7 million was bridged to Ethereum via LayerZero
  • The stolen funds are being converted from WBTC to ETH; a common interpretation is that this is to bypass BitGo’s address-freezing capability for WBTC issuers
  • As of the time of writing, neither Hedera nor LayerZero has responded; the actual magnitude of the losses and which part of the vulnerability is involved are still to be confirmed

On July 11, on-chain detective Specter issued an alert that the Hedera Network was possibly targeted by hackers. The attacker has already transferred more than $3.7 million from Hedera to Ethereum via the cross-chain protocol LayerZero, and the stolen funds are currently being swapped from WBTC into ETH.

There appears to be an ongoing hack involving @hedera Network, with over $3.7M already bridged to Ethereum by the attacker.

The stolen funds are currently being swapped from WBTC for ETH after being bridged from the Hedera network via Layerzero.

Theft addresses:… pic.twitter.com/KSxd3K2vlu

— Specter (@SpecterAnalyst) July 11, 2026

As of the time of writing, Hedera has not confirmed that it was attacked. The actual size of the losses and where exactly the vulnerability occurred have not been determined.

Why is ### rushing to switch into ETH?

The stolen WBTC is being rapidly converted into ETH, and this step usually has a clear purpose. WBTC is a centralized asset custodied by BitGo, and the issuer has the ability to freeze tokens in specific addresses.

By swapping the WBTC into ETH—an asset that cannot be frozen by a single issuer—the attacker effectively converts the funds into a form that is harder to recover before they get halted. This is a common playbook in on-chain theft cases: time is everything.

### WBTC has just landed on Hedera, and LayerZero hasn’t had a calm year

WBTC was recently brought into Hedera via BitGo, BiT Global, and LayerZero, opening the door for Bitcoin DeFi (BTCfi) on Hedera. At one point, it brought more than $100 million in Bitcoin liquidity to the network. This incident hits perfectly at this newly opened capital pipeline.

LayerZero has had plenty of discussion this year about cross-chain security. In April, the rsETH bridge of KelpDAO was breached due to a compromise in the validation process, causing losses of about $292 million. Afterward, LayerZero admitted that it “made a mistake” in how it handled it. However, the root source of the vulnerability in the Hedera incident has not yet been clarified. Whether the attacker used LayerZero as a withdrawal channel, or whether LayerZero itself was compromised, remains inconclusive.

Hedera is not a stranger to trouble either. Back in March 2023, it was attacked due to a vulnerability in the precompiled contract used for its smart contract services. The attacker transferred tokens out via the HashPort bridge, with actual losses of about $600k, though the damage to the overall ecosystem was at one point estimated at $12 million.

This incident is still unfolding. The attacker’s full address, the final destinations of the funds, and the official responses from both Hedera and LayerZero all need to be provided. BlockTempo will continue to track the situation.

Frequently Asked Questions

How much was stolen from Hedera this time?

According to on-chain detective Specter’s monitoring on July 11, the attacker bridged more than $3.7 million from Hedera to Ethereum via LayerZero. The stolen funds are currently being swapped from WBTC into ETH. As of the time of writing, Hedera’s official team has not confirmed this, and the actual loss amount still needs to be verified.

Why did the attacker swap WBTC for ETH?

WBTC is a centralized asset custodied by BitGo, and the issuer can freeze tokens in specific addresses. The attacker swapped WBTC into ETH that cannot be frozen by a single issuer—this is a common method used by hackers. The goal is to convert the assets into a form that is harder to recover before the assets are frozen.

HBAR-3.56%
WBTC-0.16%
ZRO0.50%
ETH-0.10%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned