Hedgey Finance, a platform within the token infrastructure, found itself under the siege of two simultaneous attacks, resulting in the loss of a staggering $44.7 million in funds. As reported by Cyvers, a renowned on-chain security firm, the attack targeted over $42.8 million worth of Arbitrum (ARB) tokens on the Arbitrum network. Subsequently, the attackers proceeded to deposit some of the compromised funds into the Bybit cryptocurrency exchange. Hedgey Protocol, acknowledging the breach, assured its community that it is actively collaborating with auditors to comprehensively understand the vulnerabilities that led to these attacks.
In response to the breach, Hedgey Protocol swiftly issued an announcement on April 19, urging users to exercise caution. The protocol disclosed an ongoing investigation into an attack on the Hedgey Token Claims contract. Users who had previously created valid claims were advised to utilize the "End Token Claims" button to revoke them. However, amidst these efforts to mitigate the damage, the protocol encountered another hurdle as scam accounts impersonating Hedgey began disseminating potentially malicious links under the announcement thread, directing users to unauthorized and dubious sources.
The timing of the breach, occurring just hours before the anticipated Bitcoin halving, exacerbates the impact of the incident. This unfortunate event unfolded against the backdrop of an increasingly prevalent trend of cyber attacks within the cryptocurrency space. According to a report by CertiK, a prominent on-chain security firm, the first quarter of 2024 witnessed a surge in hacking and exploit incidents, totaling 223 cases and resulting in the theft of over $502 million worth of digital assets.
Despite the alarming increase in security breaches, there is a glimmer of hope in the efforts to recover stolen funds. Notably, more than $77.9 million worth of stolen assets were eventually returned in the first quarter of the year, with significant contributions attributed to security interventions like the Munchables incident. However, the report also highlights a concerning trend, with compromised private keys remaining the primary attack vector, resulting in substantial losses totaling over $239 million across 26 incidents.
