DeFi Project Hedgey Finance Suffers $44M Exploit

Hedgey Protocol has acknowledged the security breach and stated that it is collaborating with audit teams to pinpoint the flaw that may be fueling the current attack.

Defi Platform Hedgey Finance Suffers $44M Exploit

Hedgey Finance, recognized for its support of decentralized autonomous organizations (DAOs) through token distribution, recently suffered a security breach.

Reports from Cyvers Alerts and the blockchain security company CertiK on April 19 indicate that the DeFi platform suffered an attack, losing $44.7 million across the Ethereum and Arbitrum blockchains.

Hedgey Protocol has acknowledged the security breach and stated that it is collaborating with audit teams to pinpoint the flaw fueling the current attack. In a message posted on April 19 on platform X, they noted: “We are looking into an assault on the Hedgey Token Claim Contract. Should you have any active claims, we advise you to terminate them by clicking on the ‘End Token Claim’ option…”

Security Alert: We're investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the "End Token Claim" button at https://t.co/Tt7Aq0n2dh.
We are are actively working with our auditors and team to understand the attack…
— Hedgey (@hedgeyfinance) April 19, 2024

The assailants exploited weaknesses in the on-chain token infrastructure protocol of Hedgey Finance. They utilized the ‘createLockedCampaign’ function, employing flash-loaned assets to obtain permission to spend tokens from the targeted contract. This violation resulted in the theft of USDC, NOBL, and MASA tokens. After the heist, the criminals exchanged the purloined assets for DAI by selling them.

The culprits plotted on the Arbitrum network, managing to withdraw about $42.8 million. According to Cyvers, the perpetrators have already transferred $110K to Bybit. Meanwhile, on the Ethereum blockchain, the identical security breach led to a loss of nearly $1.9 million.

In March, a report indicated a decline in the cryptocurrency sector’s losses from hacks and scams in the first quarter of 2024 compared to the same timeframe in 2023. The total losses amounted to roughly $336.3 million in Q1 2024, down from $437.5 million in Q1 2023, with the report cataloging 46 hacking events and 15 fraud cases.