Hedgey Finance falls victim to $44.7m hack on Arbitrum, a platform built on Ethereum

Hedgey Finance, a provider of on-chain token infrastructure, has experienced two exploits due to a bug in its token claims contract. The first attack took place on the Ethereum (ETH) blockchain, resulting in the theft of approximately $1.9 million in crypto. The attacker’s address was funded from the web3 crypto exchange ChangeNOW, and the stolen funds were converted into Maker’s stablecoin DAI. Hedgey Finance has confirmed the incident and is currently conducting an investigation. Users have been advised to revoke token claim permission until further notice.

Hedgey Finance allows users to create an options market for digital assets, enabling them to buy and sell calls and puts on cryptocurrencies issued on EVM-compatible chains. There are no listing requirements, and users can engage in peer-to-peer ERC20 options trading immediately.

Shortly after the first attack, a second attack occurred on the Arbitrum network, in which hackers stole $42.8 million and transferred some of the proceeds to Bybit. The attackers exploited the same vulnerability in Hedgey Finance on both Ethereum and Arbitrum.

This exploit highlights the need for protocols to allocate more resources and expertise to safeguarding DeFi platforms. As cryptocurrency gains mainstream attention, on-chain security will remain a prominent topic for industry veterans and newcomers. However, statistics indicate that hacks may be decreasing. Last month, Peckshield reported a 50% decrease in crypto exploits, resulting in smaller investor losses. White hat experts have also established a help desk to report hacks in real-time and share information on exploit strategies.