- Hedgey Finance lost $44.5 million due to a cyberattack exploiting a function on its platform across multiple blockchains.
- The attacker converted stolen funds to stablecoins and moved significant amounts to external addresses and exchanges.
- Hedgey advises users to secure their assets as it investigates the breach, amid rising fraudulent social media activity.
Hedgey Finance, a known entity in the token infrastructure sector, recently reported a significant loss of approximately $44.5 million in digital assets. This loss occurred within a brief span of two hours and affected its operations on both the Ethereum layer-2 network Arbitrum and the Binance Smart Chain.
Details of the Theft
The security breach was executed by exploiting a vulnerability in the “createLockedCampaign” function of Hedgey’s system. The attacker utilized flash loans—a type of uncollateralized loan used in cryptocurrency transactions—to withdraw $1.9 million initially. This amount was quickly converted to the DAI stablecoin and shifted to an external address.
The theft escalated when the same method was applied on the Arbitrum chain, where the attacker managed to extract a further $42.8 million. This larger sum was facilitated by funds transferred over from the ETH Chain via the FixedFloat service.
Security Response and Ongoing Challenges
Cyvers, a blockchain security firm monitoring the situation, detected the attack but faced challenges in contacting Hedgey Finance’s team immediately. The security firm has emphasized the need for more robust cooperation between decentralized applications (dApps) and security experts to enhance safeguards and restore confidence within the community.
In the aftermath of the attack, the address linked to the suspicious activities became the largest holder of the BONUS token, the native cryptocurrency of the BonusBlock project. This incident has negatively impacted the token’s market value, which fell by about 10% to $0.5084, as reported by CoinMarketCap.
Immediate Actions and Caution Against Frauds
As Hedgey Finance grapples with this security issue, it has initiated a thorough investigation and urged users with active claims on their platform to use the “End Token Claim” feature to protect their assets. Additionally, the attacker has started transferring stolen assets, including over 200,000 BONUS tokens worth approximately $110,000, to the Bybit exchange.
Moreover, there has been a surge in fake accounts on the social media platform X, posing as Hedgey protocol representatives and offering fraudulent refunds or smart contract retraction guidance through phishing links.
