$44.5 Million Heist: The Security Vulnerability Exploited in the Hedgey Finance Cyberattack

2024/04/19 23:30

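Hedgey Finance, a leading token infrastructure platform, suffered a loss of approximately $44.5 million on Ethereum's layer-2 network Arbitrum and on Binance Smart Chain. The attack used flash-loaned funds to exploit Hedgey's "createLockedCampaign" function, resulting in the funds being drained.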

Major Theft of $44.5 Million from Hedgey Finance Exploits Security Weakness

A severe cyberattack has resulted in the theft of approximately $44.5 million worth of digital assets from Hedgey Finance, a prominent platform for token infrastructure. The incident, which occurred within a two-hour window, exploited vulnerabilities on both Ethereum's layer-2 network Arbitrum and Binance Smart Chain.

Attacker Exploits Security Flaw

According to a statement released on April 19 by Cyvers, a renowned blockchain security firm, an attacker used flash-loaned funds to exploit Hedgey's "createLockedCampaign" function and siphon off the funds.

Breakdown of the Theft

The initial attack on the Arbitrum chain resulted in the theft of $1.9 million, which was swiftly converted into the DAI stablecoin and subsequently transferred to an external address.

Subsequently, the attacker targeted the Arbitrum chain again, exploiting the same vulnerability to steal $42.8 million after obtaining funding from the ETH Chain via FixedFloat.

Cyvers' Unsuccessful Attempts to Contact Hedgey Finance

Cyvers revealed that despite detecting the malicious activity, their efforts to reach Hedgey Finance's team proved futile. The firm emphasized the crucial need for open collaboration between dApps (decentralized applications) and security providers to mitigate risks and rebuild trust within the industry.

BONUS Token Impact

Following the attack, the suspicious address involved in the theft emerged as the primary holder of the BONUS token. BONUS serves as the native digital asset of BonusBlock, a project dedicated to attracting and welcoming high-quality users to the Web3 ecosystem.

Decline in BONUS Token Value

Data from CoinMarketCap indicates a significant drop in the value of the BONUS token by approximately 10%, with its current value standing at $0.5084. This decline is attributed to the consequences of the attack.

Stolen Assets on the Move

The attacker has initiated the transfer of some of the stolen assets, including over 200,000 BONUS tokens valued at $110,000, to the Bybit exchange.

Hedgey Finance Response

In response to the exploit, Hedgey Finance announced an ongoing investigation into the attack. The firm swiftly advised users with active claims to cancel them using the "End Token Claim" feature on the platform's website.

"We are actively working with our auditors and team to understand the attack and stop any ongoing attack. We will share more information as we learn more," the firm stated.

Phishing Scams Emerge

Simultaneously, numerous fraudulent accounts impersonating the Hedgey protocol have surfaced on social media platforms. These accounts attempt to deceive hacked platform users into requesting refunds or revoking their smart contract approvals through suspicious phishing links.

Conclusion

The theft of $44.5 million from Hedgey Finance highlights the ongoing security challenges faced by the cryptocurrency industry. It underscores the critical importance of robust security measures, open collaboration, and prompt response mechanisms to safeguard digital assets from malicious actors.
