Cryptocurrency trading platform Hashflow has assured that affected users will be "intact" after the breach resulted in the removal of at least $600,000 in digital assets from the platform.
On June 14, blockchain security firm Peckshield reported ongoing issues with the Hashflow trading platform. “There appears to be an approval-related issue,” the firm noted, reporting a loss of about $600,000 in Aribtrum's ARB tokens and ether.
A few hours later, Hashflow reminded users that it was addressing the current situation flagged by Peckshield related to contract approval, adding: "All of the approximately $600,000 affected users will be fully restored." The company offers cross-chain swaps as part of its trading services, adding that its decentralized exchange “has not been impacted in any way and remains fully operational.” Peckshield suggested that the hackers who performed the exploit were likely white hats, since they offered a contract with recovery functionality as well as a second donation option.
Hashflow updated its status on June 15 with recovery instructions for those affected by the bug, which affected Ethereum, Arbitrum, Avalanche, BNB Chain, and Polygon.
Users were told they had to "revoke their approval before getting their funds back." There are two options for fund recovery, the first is the total funds, and the second is donating 10% to the supposed white hat hacker who exploited the vulnerability but prevented further losses.
DeFi enthusiast YannickCrypto detailed the process, noting that white hats have verified the contracts, but warning users that they must withdraw token allocations to devalued contracts or they will be hacked again. According to data from CoinGecko, Hashflow's native token, H FT, fell 7% in the 12 hours following the incident, falling to $0.338 at the time of writing. The token is still down 90% from its November 2022 all-time high of $3.61.
