On-chain token infrastructure provider Hedgey Finance recently experienced two exploits due to a bug in its token claims contract. Security startup Cyvers reported that the hacks occurred on April 19 on the Ethereum (ETH) and Arbitrum (ARB) blockchains. The first attack on the ETH chain resulted in hackers stealing approximately $1.9 million in cryptocurrency.
Analytics revealed that the attacker’s address received funds from the web3 crypto exchange ChangeNOW and then swapped the stolen funds into Maker’s stablecoin DAI after the exploit. Hedgey Finance confirmed the incident and assured users that an investigation was underway. Users were advised to revoke token claim permission until further notice.
The protocol offered by Hedgey Finance allows users to create an options market for digital assets, enabling the buying and selling of calls and puts on cryptocurrencies issued on EVM-compatible chains. There are no listing requirements, and users can immediately engage in peer-to-peer ERC20 options trading.
Shortly after the initial attack, Cyvers issued a follow-up alert regarding a second attack on the ARB network. Hackers managed to siphon $42.8 million and move some of the proceeds to Bybit by exploiting the same vulnerability in Hedgey Finance on both Ethereum and Arbitrum.
As crypto continues to gain mainstream attention, on-chain security remains a critical topic for both industry veterans and newcomers. It is essential that protocols dedicate additional resources and expertise to safeguarding defi platforms.
While the recent exploits may raise concerns, statistics indicate that hacks in the crypto space are actually on the decline. According to Peckshield, crypto exploits decreased by 50% last month, resulting in smaller investor losses. White hat experts have also established a help desk for reporting hacks in real-time and sharing information on exploit strategies.