On-chain token infrastructure provider Hedgey Finance suffered two exploits as attackers leveraged a bug in its token claims contract.
According to alerts from security startup Cyvers, Hedgey Finance was hacked on April 19 across the Ethereum (ETH) and Arbitrum (ARB) blockchains. Cyvers reported that the first attack was deployed on ETH’s chain, and hackers stole around $1.9 million in crypto.
On-chain analytics showed that the attacker’s address was funded from web3 crypto exchange ChangeNOW, while stolen funds were swapped into Maker’s stablecoin DAI after the exploit.
Hedgey Finance issued a notice confirming the incident and said an investigation was ongoing. Users were advised to revoke token claim permission until further notice.
“We are actively working with our auditors and team to understand the attack and stop any ongoing attacks. We will share more information as we learn more.”
Hedgey Finance team
The protocol allows anyone to create an options market for digital assets, enabling users to buy and sell calls and puts on cryptocurrencies issued on EVM-compatible chains. No listing requirement exists, and users can immediately engage in peer-to-peer ERC20 options trading.
Hedgey Finance hit on ARB’s network
Shortly after the first alert, Cyvers issued a follow-up notice pointing to a second attack. This time, hackers siphoned $42.8 million and transferred some of the proceeds to Bybit. The attackers leveraged the same Hedgey Finance vulnerability on both Ethereum and Arbitrum.
Hedgey Finance’s exploit echoes security veterans’ sentiments that protocols must dedicate additional resources and expertise toward safeguarding DeFi platforms. As crypto continues to capture mainstream attention, on-chain security will likely remain a front-burner topic for industry stalwarts and newcomers. However, statistics show that hacks may be declining.
Last month, Peckshield noted that crypto exploits decreased by 50%, resulting in smaller investor losses. White hat experts have also provided a help desk to report hacks in real time and distribute information on exploit strategies.