The token infrastructure platform Hedgey Finance has had two simultaneous hacks that have cost it $44.7 million in lost revenue. An X post from on-chain security company Cyvers on April 19 states that Hedgey was the victim of an exploit on the Arbitrum network valued around $42.8 million Arbitrum (ARB) tokens.A portion of the money has already been placed by the attacker on the Bybit cryptocurrency exchange.
According to an X notice by Cyvers, the Hedgey protocol was previously compromised for a total of $1.9 million in cryptocurrency on the Ethereum network.
Hedgey protocol confirmed the exploit, adding that it is actively working with auditors to understand the vulnerability behind the potentially ongoing attack. It said in an April 19 X post:
“We’re investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the “End Token Claim” button…”
Soon after Hedgey acknowledged the exploit, fake accounts pretending to be the protocol began posing under the thread links that could be harmful and advising users to cancel their approvals of smart contracts or request a refund. These links pointed to dubious websites that had nothing to do with the Hedgey protocol.The widely anticipated Bitcoin halving, which is scheduled to cut block issuance incentives in half, happened hours before the attack.
According to the Hack3d report from on-chain security company CertiK, there were 223 hacks and exploits in the first quarter of 2024, totaling over $502 million in stolen digital assets.In comparison, the first quarter of 2023 saw a total of $326 million in funds stolen, a 54% increase.Hackers made almost $193 million in cryptocurrency in 78 on-chain incidents in January, making it the most profitable month for them.
In line with prior quarters, compromised private keys continued to be the most common attack vector, resulting in 26 occurrences totaling over $239 million lost.Only 11.7% of security issues are caused by compromised private key exploits, according to CertiK.Positively, the Munchables security mishap was mostly responsible for the over $77.9 million in stolen monies that were eventually restored in the first quarter.In 2023, the North Korean Lazarus Group was responsible for 17% of the $1.8 billion lost to cryptocurrency hacking and scammers, according to a report released by Immunefi on December 28.