{"id":80245,"date":"2023-06-15T11:20:09","date_gmt":"2023-06-15T08:20:09","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=80245"},"modified":"2025-09-11T15:48:56","modified_gmt":"2025-09-11T12:48:56","slug":"hackers-breach-hashflow-protocol-for-about-600000-with-white-hat-attacker-suspected","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hackers-breach-hashflow-protocol-for-about-600000-with-white-hat-attacker-suspected\/","title":{"rendered":"Hackers breach Hashflow protocol for about $600,000, with white-hat attacker suspected"},"content":{"rendered":"<p>Analysts at PeckShield reported a breach of the decentralized trading platform Hashflow for roughly $600,000.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">It seems to be white-hat op on the following exploits <a href=\"https:\/\/twitter.com\/hashflow?ref_src=twsrc%5Etfw\">@hashflow<\/a> <\/p>\n<p>eth: <a href=\"https:\/\/t.co\/9mp3NPV5ZR\">https:\/\/t.co\/9mp3NPV5ZR<\/a><br \/>arb: <a href=\"https:\/\/t.co\/vCfvuKnreK\">https:\/\/t.co\/vCfvuKnreK<\/a> <br \/>bsc: <a href=\"https:\/\/t.co\/6SxrLHDO4i\">https:\/\/t.co\/6SxrLHDO4i<\/a><br \/>polygon: <a href=\"https:\/\/t.co\/ZrWHfQD1p8\">https:\/\/t.co\/ZrWHfQD1p8<\/a><br \/>avanlanche:<a href=\"https:\/\/t.co\/fNXcQWQ4GF\">https:\/\/t.co\/fNXcQWQ4GF<\/a> <a href=\"https:\/\/t.co\/fJPoShmgSM\">https:\/\/t.co\/fJPoShmgSM<\/a> <a href=\"https:\/\/t.co\/wnYfVyXQta\">pic.twitter.com\/wnYfVyXQta<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1669059991775371265?ref_src=twsrc%5Etfw\">June 14, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to experts, the vulnerability was linked to operation approvals in the protocol&#8217;s cross-chain bridge. Hashflow offers cross-chain exchange of various digital assets.<\/p>\n<p>According to Etherscan, the attacker targeted the protocol deployment address. The exploit affected contracts on Ethereum, <a href=\"https:\/\/forklog.com\/en\/news\/what-is-arbitrum\">Arbitrum<\/a>, BNB Chain, <a href=\"https:\/\/forklog.com\/en\/news\/what-is-polygon-matic\">Polygon<\/a> and <a href=\"https:\/\/forklog.com\/en\/news\/what-is-avalanche-avax\">Avalanche<\/a>.<\/p>\n<p>The hacker is likely a white hat. The contract holding the stolen assets includes a function for full reimbursement to owners and the option to leave a 10% tip.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">UPDATE<\/p>\n<p>The whitehat verified his contract, you can now call recover or recoverWithDonate, just past the token token in the function and call it.<\/p>\n<p>BUT PLEASE DONT FORGET TO REVOKE ALLOWANCE TO 0x79cdfd7bc46d577b95ed92bcdc8ababa1844af0c OR YOU GET HACKED AGAIN <a href=\"https:\/\/t.co\/P4CEhxrC1P\">pic.twitter.com\/P4CEhxrC1P<\/a><\/p>\n<p>\u2014 yannickcrypto.eth (@YannickCrypto) <a href=\"https:\/\/twitter.com\/YannickCrypto\/status\/1669036532693442563?ref_src=twsrc%5Etfw\">June 14, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Hashflow representatives said they were monitoring the situation. All affected users were promised compensation.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We\u2019re addressing the current situation flagged by <a href=\"https:\/\/twitter.com\/peckshield?ref_src=twsrc%5Etfw\">@peckshield<\/a>. Please be assured that:<\/p>\n<p>1. All users comprising the ~$600K affected will be made whole.<br \/>2. The Hashflow DEX was in no way impacted and remains fully operational.<\/p>\n<p>We will share a detailed post mortem once complete.<\/p>\n<p>\u2014 hashflow (@hashflow) <a href=\"https:\/\/twitter.com\/hashflow\/status\/1669031128307572766?ref_src=twsrc%5Etfw\">June 14, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Hashflow \u043d\u0438\u043a\u043e\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043d\u0435 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b \u0438 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0440\u0430\u0431\u043e\u0442\u043e\u0441\u043f\u043e\u0441\u043e\u0431\u043d\u044b\u043c. \u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u044b \u043f\u043e\u0434\u0435\u043b\u0438\u043c\u0441\u044f \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438\u00bb, \u2014 \u0437\u0430\u044f\u0432\u0438\u043b\u0438 \u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.<\/p>\n<\/blockquote>\n<p>\u0412 \u0438\u044e\u043b\u0435 2022 \u0433\u043e\u0434\u0430 \u043f\u0440\u043e\u0435\u043a\u0442 \u0437\u0430\u043a\u0440\u044b\u043b <a href=\"https:\/\/forklog.com\/en\/news\/hashflow-raises-25-million-from-coinbase-and-kraken\">\u0440\u0430\u0443\u043d\u0434 \u0444\u0438\u043d\u0430\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 $25 \u043c\u043b\u043d<\/a>. \u041f\u043e\u0441\u043b\u0435 \u043d\u0435\u0433\u043e \u043e\u0446\u0435\u043d\u043a\u0430 Hashflow \u0434\u043e\u0441\u0442\u0438\u0433\u043b\u0430 $400 \u043c\u043b\u043d.<\/p>\n<p>As reported, user losses from the non-custodial Atomic Wallet hack <a href=\"https:\/\/forklog.com\/en\/news\/atomic-wallet-hack-losses-exceed-100-million\">exceeded $100 million<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Analysts at PeckShield reported a breach of the decentralized trading platform Hashflow for roughly $600,000.<\/p>\n","protected":false},"author":1,"featured_media":80246,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44],"class_list":["post-80245","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"22","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/80245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=80245"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/80245\/revisions"}],"predecessor-version":[{"id":80247,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/80245\/revisions\/80247"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/80246"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=80245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=80245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=80245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}