Token Infrastructure Platform Hacked: .5 Million Stolen in Cryptos

Hedgey Finance, a prominent token infrastructure platform, has reported a massive theft of approximately $44.5 million in cryptocurrencies.

This incident unfolded rapidly over two hours, affecting operations on Ethereum’s layer-2 network Arbitrum and Binance Smart Chain.

Overview of the Attack

According to a detailed analysis by blockchain security firm Cyvers, the theft was executed by exploiting a vulnerability in Hedgey’s “createLockedCampaign” function.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

The attacker utilized flash-loaned funds to initiate the theft, demonstrating a sophisticated understanding of both the platform’s operational mechanics and existing security flaws.

The initial phase of the attack saw the theft of $1.9 million, which was quickly converted into the DAI stablecoin and moved to an external address.

The assailant then replicated the attack on the Arbitrum chain, siphoning off a staggering $42.8 million after securing funding on the ETH Chain via FixedFloat.

Despite Cyvers’s rapid anomaly detection, efforts to contact Hedgey Finance’s team for an immediate response were futile.

This incident underscores the critical need for enhanced communication and collaboration between decentralized applications (dApps) and security firms to mitigate risks and restore trust within the community effectively.

As per the latest report from Cryptostale, a Token Infrastructure Platform was hacked, resulting in the theft of $44.5 million worth of cryptocurrencies. 

Impact on the Cryptocurrency Market

Following the breach, the suspicious address linked to the attack became the largest holder of the BONUS token, the native cryptocurrency of BonusBlock.

This project is known for its focus on acquiring and integrating high-quality users into the Web3 ecosystem.

As a result of the attack, the value of BONUS has plummeted by approximately 10%, currently priced at $0.5084, according to CoinMarketCap.


Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

The attacker has not remained idle post-theft.

Over 200,000 BONUS tokens, worth around $110,000, have been transferred to the Bybit exchange.

This move indicates an attempt to liquidate the stolen assets swiftly, complicating recovery efforts.

Response from Hedgey Finance

In reaction to the breach, Hedgey Finance has launched a comprehensive investigation to understand the attack’s mechanics and prevent further vulnerabilities.

The platform has advised users with active claims to cancel them using the “End Token Claim” feature on their website.

The company stated: “We are actively working with our auditors and team to understand the attack and stop any ongoing attack.

We will share more information as we learn more.”

The theft from Hedgey Finance is a stark reminder of the vulnerabilities that persist in the digital asset space.

It emphasizes the urgent need for robust security measures, real-time threat detection systems, and proactive collaboration between technology providers and security firms to safeguard user assets effectively.

As the investigation continues, the crypto community will be watching closely, hoping for recovery of the stolen funds and more vital security implementations in the future.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.