Cryptocurrency exchange HTX (formerly Huobi) recovered $5 million worth of Ethereum (ETH) stolen in a September hack by paying the hacker a $410,000 "white hat" bounty. The unusual deal allowed HTX to get back all the stolen funds and gather valuable security information.

On September 25th, an attacker exploited a vulnerability at HTX and drained 5,000 ETH from a hot wallet, worth over $5M at current prices. After identifying the hacker, HTX offered a 5% bug bounty for returning the funds within a week.

The hacker complied by the October 2nd deadline and was paid 250 ETH ($410K) by HTX as promised. The hacker also left a message explaining the hack method and advising HTX to change hot wallet addresses and reduce balances.

HTX adviser Justin Sun announced the full recovery of funds on October 7th. By collaborating with the hacker, HTX managed to recover from the breach without losses or impacts to customers. The novel "white hat" arrangement provides a template for exchanges to improve security.