Hedgey Finance Crypto Heist: $44.5 Million Stolen Through a Function Vulnerability

2024/04/29 20:55

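Hedgey Finance, a well-known token infrastructure platform, has fallen victim to a large-scale theft, losing approximately $44.5 million in cryptocurrency. The sophisticated attack exploited a vulnerability in Hedgey's "createLockedCampaign" function, allowing the attacker to steal funds on Ethereum's layer-2 network Arbitrum and on Binance Smart Chain. Hedgey is investigating the incident and advises users to cancel any active claims to mitigate further losses. The theft highlights the vulnerabilities that persist in the digital asset space and the urgent need for stronger security, threat detection systems, and collaboration within the industry.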

Hedgey Finance Breach: A Comprehensive Analysis and Impact

A Catastrophic Loss: Hedgey Finance Suffers a $44.5 Million Cryptocurrency Theft

In a shocking turn of events, Hedgey Finance, a prominent token infrastructure platform, has become the victim of a massive cryptocurrency theft amounting to approximately $44.5 million. This audacious attack unfolded rapidly over two hours, leaving its mark on both Ethereum's Arbitrum layer-2 network and Binance Smart Chain.

Anatomy of the Attack: Exploiting Vulnerabilities, Laundering Funds

According to an analysis by blockchain security firm Cyvers, the theft was carried out by exploiting a vulnerability in Hedgey's "createLockedCampaign" function. The attacker used flash-loaned funds to initiate the heist, demonstrating an intimate understanding of the platform's operational mechanics and existing security flaws.

The first stage of the attack witnessed the theft of $1.9 million, which was swiftly converted into the DAI stablecoin and transferred to an external address. This was followed by a replication of the attack on the Arbitrum chain, where the assailant siphoned off a staggering $42.8 million after securing funding on the ETH chain via FixedFloat.

Delayed Response: Missed Opportunities for Swift Mitigation

Despite Cyvers' prompt anomaly detection, efforts to contact Hedgey Finance's team for an immediate response proved futile. This delayed response underscores the critical need for enhanced communication and collaboration between decentralized applications (dApps) and security firms to mitigate risks and effectively restore trust within the community.

Ripple Effects: Crypto Market Volatility, BONUS Token Plunge

The breach has cast a shadow over the cryptocurrency market, with the suspicious address linked to the attack becoming the largest holder of the BONUS token, the native digital currency of BonusBlock. This project has attracted attention for its focus on acquiring and integrating high-quality users into the Web3 ecosystem. Consequently, the attack has led to a 10% plunge in BONUS' value, bringing its current price to $0.5084, as per CoinMarketCap.

Post-Theft Activities: Liquidation Attempts and Exchange Transfers

Following the theft, the attacker has not remained idle. Over 200,000 BONUS tokens, valued at approximately $110,000, have been shifted to the Bybit exchange. This move suggests an attempt to swiftly liquidate the stolen assets, complicating recovery efforts.

Hedgey Finance's Response: Investigation, User Advisory

In the wake of the breach, Hedgey Finance has initiated a comprehensive investigation to decipher the attack's mechanisms and bolster security measures to prevent similar vulnerabilities in the future. The platform has advised users with active claims to cancel them promptly using the "End Token Claim" feature available on their website.

Hedgey Finance's statement reads, "We are diligently collaborating with our auditors and internal team to grasp the nature of the attack and terminate any ongoing malicious activity. As we gain further insights, we will provide additional updates."

Lessons Learned: Security Imperatives in the Crypto Space

The theft from Hedgey Finance serves as a stark reminder of the vulnerabilities that persist in the digital asset realm. It underscores the pressing need for robust security measures, real-time threat detection systems, and proactive collaboration between technology providers and security firms to protect user assets effectively. As the investigation progresses, the crypto community will be closely monitoring developments, hoping for the recovery of the stolen funds and the implementation of more robust security measures in the future.
