Hedgey Finance suffered a devastating blow on April 19 when two simultaneous exploits drained $44.7 million from the token infrastructure platform.
During the two-hour attack, the hacker utilized the ‘createLockedCampaign’ function with flash-loaned funds across multiple blockchains.
Hedgey Finance Hacked: $1.9 Million Stolen on Ethereum, $42.8 Million on Arbitrum
Cyvers reported that Hedgey Finance suffered two exploits, one on the Ethereum (ETH) blockchain and another on the Arbitrum (ARB) network. The ETH attack resulted in a loss of $1.9 million, while the Arbitrum exploit led to a theft of $42.8 million in ARB tokens.
🚨UPDATE🚨@hedgeyfinance has experienced security breach with their Hedgey Token Claim Contract!
Total loss is around $1.9M. Attacker is funded by @ChangeNOW_io.
All stolen funds are swapped to $DAI and transferred to an EOA at https://t.co/MT78LFSQ7G
We urge all users to… https://t.co/hwuBjTiebp
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 19, 2024
On-chain analytics showed that the attacker’s address was funded from web3 crypto exchange ChangeNOW, while the attacker swiftly deposited a portion of the stolen funds onto the Bybit cryptocurrency exchange.
All stolen funds have been converted to $DAI and transferred to an External Owned Account (EOA).
Security Alert: We’re investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the “End Token Claim” button at https://t.co/Tt7Aq0n2dh.
We are are actively working with our auditors and team to understand the attack…
— Hedgey 🦔 (@hedgeyfinance) April 19, 2024
In response to the exploits, Hedgy Finance promptly confirmed the incidents and initiated a thorough investigation into the attack on their Token Claim Contract. They advised users with active claims to utilize the “End Token Claim” feature on their platform to mitigate further risks.
Hedgy Finance is collaborating with internal and external security experts to investigate the vulnerabilities exploited during the attacks and will provide further updates as new information becomes available.
Crypto Hacks Decrease by Nearly 50% in March: PeckShield Report
Crypto investors enjoyed a reprieve in March as losses from hacks plummeted by nearly 50% compared to February, according to a PeckShield report.
#PeckShieldAlert March 2024 witnessed 30+ hacks in the crypto space, resulting in ~$187.29 million in losses, with ~$98.8 million recovered.
This marks a decrease of ~48% from February 2024.#Top5 hacks:#Munchables (#Juice affected): $97 million (recovered)#CurioNetwork: $40… pic.twitter.com/u3zejt9Ygn— PeckShieldAlert (@PeckShieldAlert) April 1, 2024
While the month still saw over 30 hacking incidents, resulting in $187.29 million in losses, this marked a notable improvement from February’s $360 million. PeckShield also highlighted the recovery of $98.8 million in stolen funds.
Despite the positive trend, March’s losses still exceed January’s, which saw $182.5 million disappear due to hacks. Looking at the broader picture, the first quarter of 2024 experienced a 17.5% reduction in losses compared to the same period in 2023.
Data from Immunefi further revealed that hacking remains the primary method of crypto theft, accounting for 95.6% of total losses, with fraud constituting a mere 4.4%.
Read the full article here