$44.5 Million Heist: The Security Flaw Exploited in the Hedgey Finance Cyberattack

2024/04/19 23:30

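Hedgey Finance, a leading token infrastructure platform, suffered a loss of approximately $44.5 million on Ethereum's layer-2 network Arbitrum and on Binance Smart Chain. The attack was carried out by using flash-loaned funds to exploit Hedgey's "createLockedCampaign" function, which resulted in the funds being stolen.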

Major Theft of $44.5 Million from Hedgey Finance Exploits Security Weakness

A severe cyberattack has resulted in the theft of approximately $44.5 million worth of digital assets from Hedgey Finance, a prominent platform for token infrastructure. The incident, which occurred within a two-hour window, exploited vulnerabilities on both Ethereum's layer-2 network Arbitrum and Binance Smart Chain.

Attacker Exploits Security Flaw

According to a statement released on April 19 by Cyvers, a renowned blockchain security firm, a malicious attacker successfully exploited Hedgey's "createLockedCampaign" function, using flash-loaned funds to siphon off assets.

Breakdown of the Theft

The initial attack on the Arbitrum chain resulted in the theft of $1.9 million, which was swiftly converted into the DAI stablecoin and subsequently transferred to an external address.

Subsequently, the attacker targeted the Arbitrum chain again, exploiting the same vulnerability to steal $42.8 million after obtaining funding from the ETH Chain via FixedFloat.

Cyvers' Unsuccessful Attempts to Contact Hedgey Finance

Cyvers revealed that despite detecting the malicious activity, their efforts to reach Hedgey Finance's team proved futile. The firm emphasized the crucial need for open collaboration between dApps (decentralized applications) and security providers to mitigate risks and rebuild trust within the industry.

BONUS Token Impact

Following the attack, the suspicious address involved in the theft emerged as the primary holder of the BONUS token. BONUS serves as the native digital asset of BonusBlock, a project dedicated to attracting and welcoming high-quality users to the Web3 ecosystem.

Decline in BONUS Token Value

Data from CoinMarketCap indicates a significant drop in the value of the BONUS token by approximately 10%, with its current value standing at $0.5084. This decline is attributed to the consequences of the attack.

Stolen Assets on the Move

The attacker has initiated the transfer of some of the stolen assets, including over 200,000 BONUS tokens valued at $110,000, to the Bybit exchange.

Hedgey Finance Response

In response to the exploit, Hedgey Finance announced an ongoing investigation into the attack. The firm swiftly advised users with active claims to cancel them using the "End Token Claim" feature on the platform's website.

"We are actively working with our auditors and team to understand the attack and stop any ongoing attack. We will share more information as we learn more," the firm stated.

Phishing Scams Emerge

Simultaneously, numerous fraudulent accounts impersonating the Hedgey protocol have surfaced on social media platforms. These accounts attempt to deceive hacked platform users into requesting refunds or revoking their smart contract approvals through suspicious phishing links.

Conclusion

The theft of $44.5 million from Hedgey Finance highlights the ongoing security challenges faced by the cryptocurrency industry. It underscores the critical importance of robust security measures, open collaboration, and prompt response mechanisms to safeguard digital assets from malicious actors.
