Hedgey Finance 加密貨幣搶劫案：透過函數漏洞竊取 4,450 萬美元

著名的代幣基礎設施平台 Hedgey Finance 成為大規模竊盜案的受害者，損失了約 4,450 萬美元的加密貨幣。這次複雜的攻擊利用了 Hedgey 的「createLockedCampaign」功能中的漏洞，允許攻擊者竊取以太坊第 2 層網路 Arbitrum 和幣安智能鏈上的資金。對沖基金正在調查這起事件，並建議用戶取消任何主動索賠，以減輕進一步的損失。這起竊盜事件凸顯了數位資產領域持續存在的漏洞，凸顯了增強安全性、威脅偵測系統和產業內協作的迫切需求。

Hedgey Finance Breach: A Comprehensive Analysis and Impact

對沖金融違規：綜合分析與影響

A Catastrophic Loss: Hedgey Finance Suffers a $44.5 Million Cryptocurrency Theft

災難性損失：對沖金融遭受 4450 萬美元的加密貨幣盜竊

In a shocking turn of events, Hedgey Finance, a prominent token infrastructure platform, has become the victim of a massive cryptocurrency theft amounting to approximately $44.5 million. This audacious attack unfolded rapidly over two hours, leaving its mark on both Ethereum's Arbitrum layer-2 network and Binance Smart Chain.

令人震驚的是，著名的代幣基礎設施平台 Hedgey Finance 成為價值約 4,450 萬美元的大規模加密貨幣竊盜案的受害者。這次大膽的攻擊在兩個多小時內迅速展開，在以太坊的 Arbitrum 第 2 層網路和幣安智能鏈上留下了痕跡。

Anatomy of the Attack: Exploiting Vulnerabilities, Laundering Funds

攻擊剖析：利用漏洞、洗錢

According to a meticulous analysis conducted by blockchain security firm Cyvers, the theft was meticulously executed by exploiting a vulnerability in Hedgey's "createLockedCampaign" function. The attacker wielded flash-loaned funds to initiate the heist, demonstrating an intimate understanding of the platform's operational mechanics and existing security flaws.

根據區塊鏈安全公司Cyvers的細緻分析，這起竊案是利用Hedgey的「createLockedCampaign」函數中的漏洞精心實施的。攻擊者利用閃電貸資金發動搶劫，表現出對該平台操作機制和現有安全缺陷的深入了解。

The first stage of the attack witnessed the theft of $1.9 million, which was swiftly converted into the DAI stablecoin and transferred to an external address. This was followed by a replication of the attack on the Arbitrum chain, where the assailant siphoned off a staggering $42.8 million after securing funding on the ETH chain via FixedFloat.

第一階段的攻擊導致 190 萬美元被盜，該資金很快就被轉換為 DAI 穩定幣並轉移到外部地址。隨後，Arbitrum 鏈上也遭受了同樣的攻擊，攻擊者透過 FixFloat 在 ETH 鏈上獲得資金後，竊取了驚人的 4,280 萬美元。

Delayed Response: Missed Opportunities for Swift Mitigation

反應延遲：錯過了快速緩解的機會

Despite Cyvers' prompt anomaly detection, efforts to contact Hedgey Finance's team for an immediate response proved futile. This delayed response underscores the critical need for enhanced communication and collaboration between decentralized applications (dApps) and security firms to mitigate risks and effectively restore trust within the community.

儘管 Cyvers 及時發現了異常情況，但聯繫 Hedgey Finance 團隊尋求立即回應的努力被證明是徒勞無功的。這種延遲的回應凸顯了加強去中心化應用程式 (dApp) 和安全公司之間的溝通和協作的迫切需要，以降低風險並有效恢復社區內的信任。

Ripple Effects: Crypto Market Volatility, BONUS Token Plunge

漣漪效應：加密貨幣市場波動、獎勵代幣暴跌

The breach has cast a shadow over the cryptocurrency market, with the suspicious address linked to the attack becoming the largest holder of the BONUS token, the native digital currency of BonusBlock. This project has attracted attention for its focus on acquiring and integrating high-quality users into the Web3 ecosystem. Consequently, the attack has led to a 10% plunge in BONUS' value, bringing its current price to $0.5084, as per CoinMarketCap.

這次洩漏為加密貨幣市場蒙上了陰影，與攻擊相關的可疑地址成為了 Bonus 代幣（BonusBlock 的原生數位貨幣）的最大持有者。該專案因其專注於獲取優質用戶並將其融入Web3生態而受到關注。因此，根據 CoinMarketCap 的數據，這次攻擊導致 BONUS 的價值暴跌 10%，使其當前價格降至 0.5084 美元。

Post-Theft Activities: Liquidation Attempts and Exchange Transfers

盜竊後活動：清算嘗試和交易所轉移

Following the theft, the attacker has not remained idle. Over 200,000 BONUS tokens, valued at approximately $110,000, have been shifted to the Bybit exchange. This move suggests an attempt to swiftly liquidate the stolen assets, complicating recovery efforts.

竊案發生後，攻擊者並沒有閒著。超過 20 萬個獎勵代幣（價值約 11 萬美元）已轉移至 Bybit 交易所。此舉顯示試圖迅速清算被盜資產，使追回工作變得更加複雜。

Hedgey Finance's Response: Investigation, User Advisory

Hedgefinance的回應：調查、使用者諮詢

In the wake of the breach, Hedgey Finance has initiated a comprehensive investigation to decipher the attack's mechanisms and bolster security measures to prevent similar vulnerabilities in the future. The platform has advised users with active claims to cancel them promptly using the "End Token Claim" feature available on their website.

漏洞發生後，Hedgey Finance 已啟動全面調查，以破解攻擊機制並加強安全措施，以防止未來出現類似漏洞。該平台已建議有有效索賠的使用者使用其網站上提供的「結束令牌索賠」功能立即取消索賠。

Hedgey Finance's statement reads, "We are diligently collaborating with our auditors and internal team to grasp the nature of the attack and terminate any ongoing malicious activity. As we gain further insights, we will provide additional updates."

Hedgey Finance 的聲明中寫道：「我們正在與我們的審計師和內部團隊努力合作，以了解攻擊的性質並終止任何正在進行的惡意活動。當我們獲得進一步的見解時，我們將提供更多更新。

Lessons Learned: Security Imperatives in the Crypto Space

經驗教訓：加密貨幣領域的安全要求

The theft from Hedgey Finance serves as a stark reminder of the vulnerabilities that persist in the digital asset realm. It underscores the pressing need for robust security measures, real-time threat detection systems, and proactive collaboration between technology providers and security firms to protect user assets effectively. As the investigation progresses, the crypto community will be closely monitoring developments, hoping for the recovery of the stolen funds and the implementation of more robust security measures in the future.

Hedgey Finance 的竊盜事件清楚地提醒人們，數位資產領域仍然存在漏洞。它強調了對強大的安全措施、即時威脅檢測系統以及技術提供者和安全公司之間的主動協作的迫切需求，以有效保護用戶資產。隨著調查的進展，加密貨幣社群將密切關注事態發展，希望能夠追回被盜資金並在未來實施更強有力的安全措施。