In a surprising turn of events, the hacker responsible for stealing a large sum of Ethereum from HTX Global, formerly Huobi, has refunded the entire stolen amount for the white-hat bounty offered by the exchange, on-chain sleuth Zachxbt reported Oct. 7.

The breach occurred on Sept. 25, with the hacker stealing a total of 4,997 Ether (ETH) — valued at approximately $8 million as of press time.

The exchange sent the hacker the promised bounty of $400,000 with a message attached that began with:

“You have made the right choice.”

It is unclear whether the hacker, now turned white-hat, will also take up the job offered by the exchange as part of the bounty.

Hacker leaves a note

As part of the refund process, the hacker left a note urging HTX to modify its system hot wallet address and minimize the system hot wallet rate, attributing the breach to private key leakage.

The note read:

“Received your message. white hat bonus to 0x1Fc8…..3152B .your system hot wallet private key leak, you should change system hot wallet address and reduce the system hot wallet rate.”

This compromised wallet, recognized as one of HTX’s hot wallets, has seen approximately $500 million in deposits from leading cryptocurrency exchange Binance since its establishment in March.

Interestingly, blockchain analytics firm Lookonchain identified that the funds were initially channeled through the Mixin Network, which recently reported a significant loss of $200 million. The funds were later traced back to both HTX and Binance.

With the recent return of the stolen funds, confidence in the exchange may see a gradual restoration, despite its recent controversies.

Sun’s response to the breach

In an immediate response to the attack, HTX advisor and TRON founder, Justin Sun, announced that the company had covered all the losses ensuring that all funds were safeguarded. He further revealed that the stolen sum was a minor fraction of the exchange’s total assets, approximated at $3 billion.

Additionally, as an incentive for the return of the stolen assets, Sun offered a “Whitehat” reward of 5% — amounting to $400,000 — to the hacker. This offer came with the additional opportunity for the hacker to serve as a security Whitehat advisor for HTX, provided the funds were returned promptly.

The incident occurred amid circulating rumors regarding the insolvency of HTX, with some prominent crypto voices urging people to withdraw their funds from the exchange.