Hedgey Finance loses $44.5 million in flash loan exploit

The protocol said that it is now actively working with auditors and its team to understand the attack and prevent any further damage.

Hedgey Finance, a token infrastructure platform, has fallen victim to a flash loan attack, resulting in the loss of approximately $44.5 million in digital assets across Ethereum’s layer-2 network Arbitrum and the Binance Smart Chain (BSC). The attack occurred within a two-hour window on April 19.

🚨UPDATE🚨@hedgeyfinance has experienced security breach with their Hedgey Token Claim Contract!

Total loss is around $1.9M. Attacker is funded by @ChangeNOW_io.

All stolen funds are swapped to $DAI and transferred to an EOA at https://t.co/MT78LFSQ7G

We urge all users to… https://t.co/hwuBjTiebp

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 19, 2024

According to blockchain security firm Cyvers, the attacker exploited Hedgey’s “createLockedCampaign” function using flash-loaned funds to drain the platform’s assets. The stolen funds were initially swapped to the DAI stablecoin and transferred to an external address.

The attacker then repeated the exploit on the Arbitrum chain, stealing an additional $42.8 million after receiving funding on the ETH Chain via FixedFloat.

Following the attack, the suspicious address became the primary holder of the BONUS token, the native digital asset of BonusBlock, a project aimed at acquiring and onboarding high-quality users to the Web3 ecosystem. The token’s value has since dropped by around 10% to $0.5084, according to on-chain data. The attacker has already begun moving some of the stolen assets, transferring over 200,000 BONUS tokens, worth approximately $110,000, to the Bybit exchange.

Hedgey Finance has announced an ongoing investigation into the attack and advised users with active claims to cancel them using the “End Token Claim” feature on the platform’s website. The firm is working with auditors to understand the attack and prevent any further exploitation.

Cyvers emphasized the importance of open collaboration between dApps and security firms to mitigate risks and rebuild trust in the crypto ecosystem. The security firm also noted that despite their efforts to reach out to Hedgey Finance’s team, they were unsuccessful in establishing contact prior to the attack.

In the wake of the incident, several fraudulent accounts impersonating the Hedgey protocol have emerged on social media platform X, attempting to lure users into phishing scams by prompting them to request refunds or retract their smart contract approvals through suspicious links.
