Hedgey Finance Loses $45M in Cross-Network Cyber Heist

Hedgey Finance, a decentralized finance (DeFi) platform specializing in token infrastructure, has suffered a significant security breach across multiple blockchains, resulting in an estimated total loss of $44.7 million. The attackers exploited a vulnerability in the platform's 'createLockedCampaign' function, which enabled them to authorize large token expenditures from Hedgey's contracts. The stolen assets included USDC, NOBL, and MASA tokens, which were converted to the DAI stablecoin through sales following the theft.

The breach, which occurred over a two-hour window, involved parallel exploits on both the Ethereum and Arbitrum networks. Initially, $1.9 million was siphoned off from the Ethereum network, which was then followed by a larger exploit of over $42.8 million in Arbitrum (ARB) tokens on the Arbitrum network. The attackers subsequently moved a portion of the stolen funds to the Bybit cryptocurrency exchange. Hedgey Finance confirmed the exploits and has since been working with auditors to investigate and address the vulnerabilities.

The attacks took place just hours before the anticipated Bitcoin halving event, which reduces the block issuance rewards for miners. This incident is indicative of a growing trend of cyber threats in the DeFi sector, with over $500 million reported stolen in Q1 of 2024 alone, marking a significant increase in such incidents from the previous year. Despite these attacks, there is evidence suggesting that the overall number of crypto exploits is on a declining trend, with a decrease in investor losses.