fxs_header_sponsor_anchor

Hashflow assures users will be made whole following $600K exploit

Crypto trading platform Hashflow has assured affected users will be “made whole” following an exploit that saw at least $600,000 in digital assets removed from the platform.

On June 14, blockchain security firm Peckshield reported an ongoing issue with the Hashflow trading platform.

“It appears there is an approve-related issue,” the firm noted, reporting losses of around $600,000 in Aribtrum’s ARB token and Ether (ETH $1,637).

A couple of hours later, Hashflow alerted users that it was addressing the current situation related to contract approvals as flagged by Peckshield, adding:

All users comprising the ~$600K affected will be made whole.

The firm, which provides cross-chain swaps as part of its trading services, added that its decentralized exchange “was in no way impacted and remains fully operational.”

Peckshield suggested that the hacker that carried out the exploit may be a white hat hacker, as they provided a contract with a recovery function along with a second option for a donation.

Hashflow updated its status on June 15, providing recovery instructions for those affected by the exploit, which impacted Ethereum, Arbitrum, Avalanche, BNB Chain and Polygon.

Users were told they must “revoke approvals before recovering funds.”

There are two options for fund recovery, the first is for total funds and the second will donate 10% to the supposed white hat hacker that exploited the vulnerability but prevented further losses in doing so.

DeFi enthusiast YannickCrypto detailed the process, noting that the white hat had verified the contract but warned that users must revoke token allowances to depreciated contracts or they’ll get hacked again.

Hashflow’s native token, HFT, fell 7% in the 12 hours following the incident, falling to $0.338 at the time of writing, according to CoinGecko. The token remains down 90% from its November 2022 all-time high of $3.61.

It is the second DeFi exploit this week, as lending platform Sturdy Finance lost around $800,000 worth of Ethereum on June 12. The vulnerability was related to price manipulation, according to Peckshield, which issued the alert.

Sturdy Finance offered a bounty of $100,000 to the exploiter for the return of the funds.

Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.


RELATED CONTENT

Loading ...



Copyright © 2024 FOREXSTREET S.L., All rights reserved.