Hedgey Finance, a key player in on-chain token infrastructure, recently suffered two major security breaches. These incidents occurred on the Ethereum and Arbitrum blockchains, as confirmed by security firm Cyvers. The attackers exploited a flaw in Hedgey Finance’s token claims contract, leading to significant financial losses.
On April 19, the first breach took place on the Ethereum blockchain, resulting in the theft of approximately $1.9 million in cryptocurrency. Cyvers was the first to report this attack. Analysis of on-chain data revealed that the attackers initially received funding from the web3 crypto exchange, ChangeNOW. Subsequently, they converted the stolen assets into DAI, a stablecoin created by Maker.
In response to the breach, Hedgey Finance quickly acknowledged the incident and initiated an ongoing investigation. They advised their users to revoke any token claim permissions as a precautionary measure.
Continued Vulnerability Leads to Second Major Theft
Shortly after the initial incident, a second, even more damaging attack was detected. This time, the culprits targeted Hedgey Finance on the Arbitrum network, pilfering a staggering $42.8 million. Part of these stolen funds was transferred to the cryptocurrency exchange Bybit. Remarkably, the attackers used the same vulnerability in Hedgey Finance’s system for both the Ethereum and Arbitrum attacks.
These breaches underscore the ongoing risks within decentralized finance (DeFi) platforms, highlighting the need for enhanced security measures. Industry experts continuously advocate for increased investment in security protocols to protect against such vulnerabilities.
Despite these high-profile incidents, there is a silver lining. Recent statistics from Peckshield indicate a 50% reduction in crypto exploits over the past month, suggesting an improvement in the security landscape. Additionally, white hat experts are stepping up, offering real-time hack reporting services and sharing strategies to combat exploits. This proactive approach is essential for maintaining trust and security as cryptocurrency gains broader acceptance.