Hackers breach Hashflow protocol for about $600,000, with white-hat attacker suspected
Analysts at PeckShield reported a breach of the decentralized trading platform Hashflow for roughly $600,000.
It seems to be white-hat op on the following exploits @hashflow
eth: https://t.co/9mp3NPV5ZR
arb: https://t.co/vCfvuKnreK
bsc: https://t.co/6SxrLHDO4i
polygon: https://t.co/ZrWHfQD1p8
avanlanche:https://t.co/fNXcQWQ4GF https://t.co/fJPoShmgSM pic.twitter.com/wnYfVyXQta— PeckShield Inc. (@peckshield) June 14, 2023
According to experts, the vulnerability was linked to operation approvals in the protocol’s cross-chain bridge. Hashflow offers cross-chain exchange of various digital assets.
According to Etherscan, the attacker targeted the protocol deployment address. The exploit affected contracts on Ethereum, Arbitrum, BNB Chain, Polygon and Avalanche.
The hacker is likely a white hat. The contract holding the stolen assets includes a function for full reimbursement to owners and the option to leave a 10% tip.
UPDATE
The whitehat verified his contract, you can now call recover or recoverWithDonate, just past the token token in the function and call it.
BUT PLEASE DONT FORGET TO REVOKE ALLOWANCE TO 0x79cdfd7bc46d577b95ed92bcdc8ababa1844af0c OR YOU GET HACKED AGAIN pic.twitter.com/P4CEhxrC1P
— yannickcrypto.eth (@YannickCrypto) June 14, 2023
Hashflow representatives said they were monitoring the situation. All affected users were promised compensation.
We’re addressing the current situation flagged by @peckshield. Please be assured that:
1. All users comprising the ~$600K affected will be made whole.
2. The Hashflow DEX was in no way impacted and remains fully operational.We will share a detailed post mortem once complete.
— hashflow (@hashflow) June 14, 2023
Hashflow никоим образом не пострадал и остается полностью работоспособным. После завершения расследования мы поделимся подробными данными», — заявили в компании.
В июле 2022 года проект закрыл раунд финансирования на $25 млн. После него оценка Hashflow достигла $400 млн.
As reported, user losses from the non-custodial Atomic Wallet hack exceeded $100 million.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!