Crypto trading platform Hashflow has announced its commitment to reimbursing users impacted by an exploit that led to the loss of more than $600,000 in digital assets from the platform.
The exploit was brought to light by blockchain security firm Peckshield on June 14, which initially reported losses of approximately $600,000 in arbitrum (ARB) and ethereum (ETH), pointing out an ongoing issue related to contract approvals on the Hashflow trading platform.
Soon after, Hashflow promptly informed its users that it was actively working to address the situation flagged by Peckshield, stating that “all users comprising the ~$600K affected will be made whole.”
The company emphasized that its decentralized exchange (DEX) remained unharmed throughout the exploit and assured users that a post-mortem report would be published in due course.
Suspected white hat hacker behind Hashflow exploit
Peckshield, in its analysis, hinted that a white hat hacker might have orchestrated the exploit, as the individual behind the attack provided a contract with a recovery function and even offered users an option to donate.
On June 15, Hashflow provided recovery instructions for those affected by the exploit, which impacted ethereum, arbitrum, avalanche, BNB, and polygon. Affected users were advised to “revoke approvals before recovering funds.”
Hashflow presented two options for fund recovery: the first allowed users to retrieve their total funds, while the second involved donating 10% to the supposed white hat hacker who had exploited the vulnerability but prevented further losses.
DeFi enthusiast ‘YannickCrypto’ provided detailed instructions on the recovery process, confirming that the white hat hacker had verified the contract. However, YannickCrypto cautioned users to revoke token allowances to deprecated contracts to prevent potential future hacking attempts.
DeFi hacks continue to rattle crypto space
The security breach is a stark reminder of the constant threats DeFi platforms face. On June 4, lending platform Sturdy Finance suffered losses of approximately $800,000 worth of ethereum due to a vulnerability related to price manipulation.
The lending firm has offered a $100,000 bounty to the exploiter for the safe return of the funds.
In a separate development on June 4, wallet provider Atomic Wallet fell victim to a major hack resulting in the theft of around $35 million worth of cryptocurrencies, including bitcoin, ether, tether, dogecoin, litecoin, BNB coin, and polygon.
The wallet provider later advised its users to transfer their funds to alternative wallets as a precautionary measure while the company investigated the exploit.
As the crypto industry continues to evolve, it becomes increasingly crucial for protocols to prioritize robust security measures and conduct thorough audits to identify and rectify vulnerabilities before malicious actors can exploit them.