DeFi platform Hedgey Finance hit by $44 million exploit

Two separate attacks, valued at approximately $44.7 million, have successfully exploited Hedgey Finance’s token infrastructure platform.

On April 19, as reported in a blog post by cybersecurity company Cyvers, Arbitrum network user Hedgey experienced a loss of over $42.8 million in ARB tokens due to a security breach. The malicious actor has already transferred some of the stolen funds to the cryptocurrency exchange Bybit.

Previously, Cybers issued a warning (X alert) that hackers managed to steal cryptocurrency amounting to $1.9 million from Hedgey protocol on the Ethereum network.

The Hedgey protocol announced that an exploit has been identified, and they are collaborating with auditors to gain a clearer picture of the underlying cause for this persistent assault. According to a recent post on April 19, they expressed this in an X forum.

“We’re investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the “End Token Claim” button…”

After Hedgey announced the discovery of the exploit, fraudulent accounts posing as the protocol began sharing questionable links in the thread. These links urged users to request refunds or withdraw smart contract authorizations, leading to unrelated and potentially harmful websites.

A vulnerability was discovered in the Bitcoin system just prior to the highly anticipated event, known as the halving, which was scheduled to decrease reward payments for mining new blocks by half.

Over $500 million stolen in crypto hacks in Q1 2024

In the opening three months of 2024, CertiK’s on-chain security report named Hack3d documented 223 instances of hacks and exploits that resulted in over $502 million in stolen digital assets.

In the second quarter of 2023, there was a significant jump in cryptocurrency theft, amounting to a 54% rise from the first quarter’s total of $326 million. The most productive month for hackers was January, with over $193 million taken in 78 separate on-chain incidents.

In the recent past, instances of hacked private keys continued to lead the pack as the most frequent means of cyber attacks, resulting in a significant loss of approximately $239 million in twenty-six separate occurrences. These attacks, which target compromised private keys, make up only around 11.7% of all reported security breaches. (CertiK’s data)

In a positive turn of events, approximately $77.9 million that had been stolen was recovered during the first quarter, with most of those funds linked back to the Munchables data breach.

Approximately $1.8 billion was stolen through cryptocurrency hacks and scams in the year 2023. Among this total, around $324 million can be linked back to the North Korean cybercrime group, Lazarus, based on a December 28th report by Immunefi.

Read More

2024-04-19 16:53