$44.5 Million Heist: Security Flaw Exploited in Hedgey Finance Cyberattack

Hedgey Finance, a leading token infrastructure platform, has suffered a substantial loss of approximately $44.5 million across Ethereum's layer-2 network Arbitrum and the Binance Smart Chain. The malicious attack was executed by exploiting Hedgey's "createLockedCampaign" function through flash-loaned funds, resulting in the siphoning off of the funds.

Major Theft of $44.5 Million from Hedgey Finance Exploits Security Weakness

A severe cyberattack has resulted in the theft of approximately $44.5 million worth of digital assets from Hedgey Finance, a prominent platform for token infrastructure. The incident, which occurred within a two-hour window, exploited vulnerabilities on both Ethereum's layer-2 network Arbitrum and Binance Smart Chain.

Attacker Exploits Security Flaw

According to a statement released on April 19 by Cyvers, a renowned blockchain security firm, a malicious attacker successfully exploited Hedgey's "createLockedCampaign" function by utilizing flash-loaned funds to siphon off the funds.

Breakdown of the Theft

The initial attack on the Arbitrum chain resulted in the theft of $1.9 million, which was swiftly converted into the DAI stablecoin and subsequently transferred to an external address.

Subsequently, the attacker targeted the Arbitrum chain again, exploiting the same vulnerability to steal $42.8 million after obtaining funding from the ETH Chain via FixedFloat.

Cyvers' Unsuccessful Attempts to Contact Hedgey Finance

Cyvers revealed that despite detecting the malicious activity, their efforts to reach Hedgey Finance's team proved futile. The firm emphasized the crucial need for open collaboration between dApps (decentralized applications) and security providers to mitigate risks and rebuild trust within the industry.

BONUS Token Impact

Following the attack, the suspicious address involved in the theft emerged as the primary holder of the BONUS token. BONUS serves as the native digital asset of BonusBlock, a project dedicated to attracting and welcoming high-quality users to the Web3 ecosystem.

Decline in BONUS Token Value

Data from CoinMarketCap indicates a significant drop in the value of the BONUS token by approximately 10%, with its current value standing at $0.5084. This decline is attributed to the consequences of the attack.

Stolen Assets on the Move

The attacker has initiated the transfer of some of the stolen assets, including over 200,000 BONUS tokens valued at $110,000, to the Bybit exchange.

Hedgey Finance Response

In response to the exploit, Hedgey Finance announced an ongoing investigation into the attack. The firm swiftly advised users with active claims to cancel them using the "End Token Claim" feature on the platform's website.

"We are actively working with our auditors and team to understand the attack and stop any ongoing attack. We will share more information as we learn more," the firm stated.

Phishing Scams Emerge

Simultaneously, numerous fraudulent accounts impersonating the Hedgey protocol have surfaced on social media platforms. These accounts attempt to deceive hacked platform users into requesting refunds or revoking their smart contract approvals through suspicious phishing links.

Conclusion

The theft of $44.5 million from Hedgey Finance highlights the ongoing security challenges faced by the cryptocurrency industry. It underscores the critical importance of robust security measures, open collaboration, and prompt response mechanisms to safeguard digital assets from malicious actors.