shield Business Logic Flaw

HNet Exploit: Business Logic Flaw Incident Explained (2023)

Q: When did the HNet hack happen?

The HNet exploit was recorded on December 7, 2023 — 859 days ago.

Q: What type of exploit hit HNet?

The HNet incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

Q: Which blockchain was HNet deployed on?

The HNet contract was deployed on BNB Chain, one of 23 documented incidents on that chain.

Q: How does HNet compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is - EulerFinance (2023) at $200M. The HNet loss was not publicly disclosed.

On December 2023, HNet suffered a business logic flaw on BNB Chain — the first of 144 documented business logic flaw incidents in our archive where the loss figure was not publicly disclosed but the exploit pattern is documented below.

Attack Mechanics: How the HNet Business Logic Flaw Played Out

Exploit Class Applied to HNet

The HNet incident on December 7, 2023 is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share. In the full archive, HNet is 1 of 144 documented business logic flaw incidents.

HNet in Context

The HNet incident joins a class whose largest loss to date is – EulerFinance (2023) at $200M.

Prior Business Logic Flaw Before HNet

The nearest business logic flaw incident before HNet was BEARNDAO, 2 days earlier on December 5, 2023 ($769K lost). The same exploit class surfaced again within the business logic flaw attack surface.

Target Chain: BNB Chain

The vulnerable HNet contract was deployed on BNB Chain — one of 23 documented incidents on BNB Chain. This determines the block cadence, mempool, and forensic tooling available to investigators.

Impact & Recovery for HNet

HNet Loss Figure

The loss figure for HNet is not publicly disclosed. The primary source reports the exploit in non-USD terms, so no USD estimate is published here. For reference, the average loss across 144 business logic flaw incidents in our archive is $6.08M.

Timeline Since the HNet Incident

The HNet exploit occurred 2.4 years ago (859 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.

Primary Reference for HNet

Public post-mortem / on-chain analysis for the HNet incident: view source.

FAQ

How much did HNet lose?

The HNet loss figure is not publicly disclosed. The primary source reports the exploit in non-USD token terms, so no USD estimate is published here.

When did the HNet hack happen?

The HNet exploit was recorded on December 7, 2023 — 859 days ago.

What type of exploit hit HNet?

The HNet incident is classified as a Business Logic Flaw. A business-logic bug in the contract — such as an incorrect formula or missing state update — lets the attacker withdraw more than their share.

Which blockchain was HNet deployed on?

The HNet contract was deployed on BNB Chain, one of 23 documented incidents on that chain.

How does HNet compare to the largest Business Logic Flaw attack?

The largest business logic flaw incident in our archive is – EulerFinance (2023) at $200M. The HNet loss was not publicly disclosed.

Which dataset is used for the study presented in the paper?

The Elliptic Dataset, the world’s largest publicly available cryptocurrency transaction dataset.

How are green bonds perceived in terms of investment?

As a tool that contributes to value creation and attracts investors.