DeFi platform Hedgey Finance Suffers $44.7 Million Exploit

Hedgey Finance, a decentralized finance (DeFi) platform known for supporting decentralized autonomous organizations (DAOs) with token distribution services, recently found itself under siege in a cyber attack that resulted in a substantial loss of $44.7 million across two blockchain platforms, Arbitrum and Ethereum. This attack has raised concerns about the security vulnerabilities within the decentralized finance (DeFi) ecosystem and the urgent need for enhanced security measures.

The first blow came as an exploit worth $42.8 million in Arbitrum (ARB) tokens on the Arbitrum network, as reported in an April 19 announcement by on-chain security firm Cyvers. Shockingly, the attacker wasted no time and swiftly deposited some ill-gotten gains into the Bybit cryptocurrency exchange.

Before this colossal setback, the Hedgey protocol suffered another heavy blow: a hack on the Ethereum network resulted in a loss of $1.9 million worth of crypto, according to an alert from Cyvers.

🚨UPDATE🚨@hedgeyfinance has experienced security breach with their Hedgey Token Claim Contract!

Total loss is around $1.9M. Attacker is funded by @ChangeNOW_io.

All stolen funds are swapped to $DAI and transferred to an EOA at https://t.co/MT78LFSQ7G

We urge all users to… https://t.co/hwuBjTiebp

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 19, 2024

Moreover, Hedgey protocol confirmed the exploit and is working with auditors to understand the vulnerability behind the potentially ongoing attack. In a statement released on April 19, Hedgey protocol stated:

“We’re investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the ‘End Token Claim’ button…”

Shortly after Hedgey confirmed the exploit, scam accounts impersonating the protocol posted potentially malicious links under the thread. These accounts urged people to request a refund or revoke their smart contract approvals. The links pointed to suspicious links without connection to the Hedgey protocol. The exploit occurred hours before the much-anticipated Bitcoin halving, halving block issuance rewards.

Crypto Hacks Surge in Q1 2024

These incidents further underscore the rampant rise of crypto-related hacks and exploits. According to the “Hack3d” report released by CertiK, a leading on-chain security firm, there were a staggering 2023 hacks and exploits in the first quarter of 2024. These incidents resulted in a total loss exceeding $502 million in digital assets.

This represents a 54% increase compared to the first quarter of 2023, which saw $326 million worth of funds stolen. January was the most lucrative month for hackers, who stole over $193 million worth of crypto in 78 on-chain incidents.

As in previous quarters, compromised private keys remained the top attack vector, with over $239 million lost in 26 incidents. However, according to CertiK, compromised private key exploits only account for 11.7% of all security incidents.

Furthermore, over $77.9 million in stolen funds were returned in the first quarter, primarily linked to the Munchables security breach. A report by Immunefi on December 28 revealed that $1.8 billion was lost to crypto hacks and scammers in 2023. The North Korean Lazarus Group accounted for 17% of this total.

Related Reading | Ethereum Massive Sell-Off Shakes Crypto Market