Gate.io 博客 Hedgey Finance Hit by $45 Million Cyberattack: A Wake-Up Call for the Blockchain Security

Hedgey Finance Hit by $45 Million Cyberattack: A Wake-Up Call for the Blockchain Security

05月08日 14:48

[//]:content-type-MARKDOWN-DONOT-DELETE
![](https://gimg2.gateimg.com/image/article/1715150452rdzz.jpeg)
## [TL; DR]
Hedgey Finance lost close to $45 million worth of crypto assets after hackers exploited DeFi vulnerabilities in its protocol. 
Cyvers Alerts calls for real-time monitoring of transactions on DeFi protocols.

Cyvers Alert has warned of possible money laundering after the stolen crypto assets from Hedgey Finance and FixedFloat were channeled to the same wallet address on Bybit exchange. 
## Introduction
The threat of cyberattacks on DeFi protocols and other blockchain based platforms continues. Despite the wakeup calls that have been made for a long time some blockchain protocols fail to implement strong security measures to avert possible threats. The sad thing is that most of the time the attackers use the same methods to swindle digital assets.

This article covers how some malevolent attackers stole close to $45 million worth of crypto assets from Hedgey Finance. In particular, we will analyze how the attackers capitalized on the weaknesses in the protocol.

## Cyber-attack on Hedgey Finance Results in a $45 Million loss
On 19 April, Hedgey Finance was cyber-attacked, leading to a loss of crypto assets worth around $45 million. The attackers syphoned out the cryptocurrencies using a series of transactions. Crypto assets worth $2.1 million were drained from the <a href="/zh-tw/price/ethereum-eth" target="_blank" class="blog_inner_link">Ethereum</a> mainnet, while $42.6 million worth of digital assets were stolen [from the Arbitrum blockchain](https://www.gate.io/learn/articles/a-deep-dive-into-arbitrum/487 "from the Arbitrum blockchain"). In all, cryptocurrencies worth around $44.7 were stolen through the Hedge Finance Cyberattack.

Basically, Hedgey Finance is a blockchain protocol that creates and manages on-chain token vesting, claim portals and lockups, among other crypto services. The attack on Hedgey Finance has led to renewed [calls for DeFi protocols](https://www.gate.io/blog_detail/1672/10-best-defi-protocols-to-invest-during-bear-markets "calls for DeFi protocols") to strengthen their blockchain security to prevent the loss of invested funds.

Soon after noticing the cyberattack Hedgey Finance alerted its users about the development. Posting [on X, it said](https://twitter.com/hedgeyfinance/status/1781400318644810138 "on X, it said"), “We will be doing a full post mortem in the coming days. Right now we are focused on working with the impacted users of the token claims product and recovering lost funds.”

It added, “In addition to our existing security audits we are working with ConsenSys Diligence to prepare additional audits and security procedures across all products. We will be sharing updates and more detailed information as the week progresses.”
## Cyvers, the Cybersecurity Firm that Detected the Incident
Cyvers Alerts, one of the leading cybersecurity watch dogs, was the first to alert the crypto community about the Hedgey Finance crypto cyberattack. After it noticed the exploit it tried to communicate with Hedgey Finance through various channels but it received no response. Also, through its site, Etherscan alerted the users about the attack as the following image indicates. 
![](https://gimg2.gateimg.com/image/article/17151506901.jpeg)
Source [Etherscan ](https://etherscan.io/address/0xd84f48b7d1aafa7bd5905c95c5d1ffb2625ada46 "Etherscan ")

Notably, the hackers swapped the  stolen crypto assets to DAI before moving them to their digital wallet. The failure by Hedgey Finance to notice alerts from cybersecurity firm communication indicates the need for blockchain companies to be watchful at all times.
## Exploring the Exploit Method: 'CreateLockedCampaign' Function and Flash loans
The attackers syphoned the crypto assets on Ethereum Arbitrum and [Binance Smart Chain](https://www.gate.io/price/view/binance-smart-chain "Binance Smart Chain") after overcoming Hedgey Finance’s digital defences. Presently, many hackers are targeting flash loans, a form of uncollateralized loan used in DeFi, since they can drain different crypto assets through single transaction blocks.

In this case, Cyvers Alerts gave an update on the method of attack the exploiters used. The malicious attackers capitalized on the DeFi vulnerabilities within the Hedgey Finance protocol. Their line of attack was a flash loan vulnerability. To access the flash loans they exploited the protocol’s ‘createLockedCampaign’ function.

The real problem was lack of input validation on the part of Hedgey Finance users. Due to that cybersecurity in crypto weakness the exploiter manipulated the system and gained unauthorized token approvals. After accessing the tokens the hackers invoked a call to the “cancelCampaign function” which allowed them to retrieve the approved and unclaimed assets.

The final activity was to transfer the assets from the victims’ contract to theirs. In order to succeed with this step they avoided the front-run by bots. The attackers stole USDC, NOBL, and MASA tokens which they converted to DAI, [a stablecoin pegged](https://www.gate.io/learn/articles/what-is-pegging-in-crypto/802 "a stablecoin pegged") to the United States dollar. In addition, they also acquired 77.74 million BONUS tokens.

In the aftermath of that attack Cyvers advised the crypto industry to take a coordinated approach towards preventing similar crypto industry threats. It emphasized the need for decentralized applications (dApps) and security firms to collaborate to mitigate the risks that exist in the sector so as to restore trust and confidence within the crypto ecosystem. 
## Hedgey’s Reaction and Response

The Hedgey Team acknowledged the cryptocurrency theft through the flash loan exploit. Posting on its X page, [it said](https://twitter.com/hedgeyfinance/status/1781257581488418862 "it said"), “ We're investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the "End Token Claim."

In the meantime, the team announced that it was carrying out an investigation on what transpired. It said that it was working with auditors to identify the real cause of the exploit and promised to implement stronger digital asset protection measures to ensure no similar exploitation will occur in the future.

Another sad development that occurred after the news of the attack reached the crypto market was the impersonation of  Hedge Finance  by several several scam accounts. They posted messages, with potentially malicious links, asking the Hedgey Finance users to revoke their smart contract approvals or request for refunds. 
## Money Laundering Concerns
Cyvers has hinted that the stolen crypto assets may be used for money laundering in crypto purposes. This follows a transfer of a large amount of funds to Bybit crypto exchange. Previously, the same address received much crypto funds from FixedFloat, another cryptocurrency exchange, which also suffered a $2.8 million crypto theft.

The Hedgey Finance crypto theft indicates a rise in security threats within the DeFi sector. Therefore, it highlights the need for DeFi firms to implement real-time monitoring crypto services and the adoption of rapid response mechanisms. 
## History of Crypto Exploits in 2024
The Hedgey Finance attack is part of a broader trend within the cryptocurrency sector. Some of these hacks are linked to money laundering in crypto perpetrated by organized criminal groups like the Lazarus Group, a North Korean government affiliate.  According to Cyvers Alerts, a total of nearly $739.7 million worth of cryptocurrencies have been stolen so far in 2024 as the next graph indicates. 
![](https://gimg2.gateimg.com/image/article/17151508472.jpeg)
Source: [x.com](https://twitter.com/Cyvers_/status/1777640598230684103/photo/1 "x.com")

Based on such statistics it is clear that the cyber-attackers that are targeting DeFi protocols are conversant with evolving blockchain security measures. At the same time, it requires a concerted effort among blockchain sector players to avert more damage in the future. 
## Conclusion
Hedgey Finance lost close to $45 million worth of crypto assets through a recent security breach on its protocol. Cyber malicious actors are increasingly targeting platforms that offer flash loans as they can get away with many cryptocurrencies through a few transactions. In the meantime, Cyvers Alert has called for unity of purposes among blockchain security firms and DeFi protocols to prevent future crypto exploitations.

<div class="blog-details-info">
<div>Author:** Mashell C.**, Gate.io Researcher
<div class="info-tips">\*This article represents only the views of the researcher and does not constitute any investment suggestions.
<div>\*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement.
</div>

[TL_ DR]

Introduction

Cyber-attack on Hedgey Finance Results in a $45 Million loss

Cyvers, the Cybersecurity Firm that Detected the Incident

Exploring the Exploit Method: _CreateLockedCampaign_ Function and Flash loans

Hedgey’s Reaction and Response

Money Laundering Concerns

History of Crypto Exploits in 2024

Conclusion

解鎖盲盒最高獲$6666獎勵

立即註冊

Hedgey Finance Hit by $45 Million Cyberattack: A Wake-Up Call for the Blockchain Security

選擇語言及地區

法幣匯率