DeFi Platform Hedgey Finance Loses $44.7M in Token Contract Exploit

anonymous hacker

Hedgey Finance suffered the same exploit on Ethereum and Arbitrum, losing substantial assets on each network.

Decentralized finance and on-chain token vesting platform Hedgey Finance has been hacked for approximately $44.7 million in cryptocurrencies after malicious actors exploited security bugs in its token contracts on two blockchains.

According to data obtained by blockchain security firm Cyvers, Hedgey Finance suffered the same exploit on Ethereum and Arbitrum, losing substantial assets on each network.

Hedgey Finance Exploited For $44.7M

The first exploit took place on Arbitrum and resulted in the loss of $42.8 million worth of ARB tokens. Shortly after stealing the tokens, the exploiter deposited part of the assets in the cryptocurrency exchange Bybit.

Within three hours of the first attack, the exploiter struck Hedgey Finance’s token contract on Ethereum, making away with $1.9 million worth of cryptocurrencies. The hacker swapped the assets for MakerDAO’s stablecoin DAI and moved them to an externally owned account.

Before the second attack occurred, Hedgey Finance announced that it was aware of the incident and was working with appropriate parties to remedy the situation, asking users to revoke all approvals to prevent further loss.

“We’re investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the ‘End Token Claim’ button…We are actively working with our auditors and team to understand the attack and stop any ongoing attack. We will share more information as we learn more,” the Hedgey Finance team said.

Scammers Post Malicious Hedgey Links

The comment section of Hedgey Finance’s X post is filled with posts from scam accounts that bear the same name as the network, urging users to click on malicious links to either revoke their smart contract approvals or request a refund for losses incurred from the incident.

While Hedgey is yet to give a post-mortem report on the cause of the incident and plans for reimbursements, the network has warned its users to be wary of scammers and their malicious links.

Hedgey Finance’s experience has added the network to an unending list of platforms that have fallen victim to malicious actors. On that list is Prisma Finance, another decentralized finance protocol, which Cryptocurrencies to Watch reported lost $10 million less than a month ago. Like Hedgey’s incident, hackers exploited a vulnerability in Prisma’s smart contracts and siphoned funds from the network’s liquidity pools.