Token infrastructure platform Hedgey Finance has experienced two concurrent DeFi exploits, resulting in the loss of funds totaling $44.7 million.
A breach on the Arbitrum network affecting Hedgey compromised more than $42.8 million worth of Arbitrum (ARB) tokens, according to an April 19 X post by on-chain security firm Cyvers. An adversary has reportedly transferred a fraction of the stolen funds to the Bybit cryptocurrency exchange.
An earlier exploit of the Hedgey protocol on the Ethereum network compromised $1.9 million worth of cryptocurrency, as reported by Cyvers in an X alert.
The Hedgey protocol has confirmed the exploit and stated that it is collaborating closely with auditors to identify the flaw that may be the source of the ongoing attack. An April 19 X post stated:
“We’re investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the “End Token Claim” button…”
Following Hedgey’s confirmation of the exploit, fraudulent accounts posing as the protocol began to publish potentially harmful links beneath the thread. These links directed individuals to revoke their smart contract approvals or request a refund but had no affiliation with the Hedgey protocol.
The breach occurred several hours before the highly anticipated Bitcoin halving, which cuts the block reward in half.
Over $500M Lost to Hacks in Q1 2024
Two hundred twenty-three breaches and exploits totaling more than $502 million in stolen digital assets occurred during the first quarter of 2024, according to the Hack3d report by on-chain security firm CertiK.
This represents a 54% increase over the first quarter of 2023, during which funds valued at $326 million were stolen. January was the most profitable month for hackers, with 78 on-chain incidents resulting in the theft of over $193 million of cryptocurrencies.
As in prior quarters, compromised private keys continued to be the leading attack vector, resulting in the loss of more than $239 million across 26 incidents. CertiK reports that private key compromises constitute 11.7% of security incidents.
Most of the returned funds, which amounted to more than $77.9 million, were traceable to the Munchables security breach.
In a December 28 report, Immunefi identified the North Korean Lazarus Group as the responsible party for 17% of the $1.8 billion in losses incurred in 2023 due to crypto breaches and scammers.