In the most recent decentralized finances (DeFi) security breach, popular crypto trading platform Hashflow suffered an exploit resulting in the disappearance of at least $600,000 worth of digital assets. The platform, known for its cross-chain swaps and decentralized exchange (DEX) services, has assured affected users that they will be fully compensated for their losses.
The issue was initially flagged by blockchain security firm Peckshield on June 14. Peckshield reported a problem related to contract approvals, pointing out losses in Aribtrum’s ARB token and Ether.
Hi @hashflow, you may want to take a look: https://t.co/Z0thwhoLSJ
It appears there is an approve-related issue.
— PeckShield Inc. (@peckshield) June 14, 2023
Hashflow Assures Users: Full Compensation Promised
Despite the exploit, however, Hashflow’s DEX remained unaffected and continued to operate without interruption. The platform further announced its intention to provide a comprehensive post-mortem report once the investigation is complete, shedding light on the incident’s root cause and any necessary measures taken to prevent future breaches.
Following up on the recent issue identified by @peckshield, please follow the steps outlined below to recover funds in full if you were impacted.
IMPORTANT: You must first revoke approvals before recovering funds.
Instructions here: https://t.co/P5si28nMGu
— hashflow (@hashflow) June 14, 2023
Interestingly, Peckshield suggested that the hacker behind the exploit might be a white hat hacker, as they provided a contract with a recovery function and an alternative option for a donation. This suggests that the attacker may have had good intentions.
On June 15, Hashflow released recovery instructions for users impacted by the exploit, which affected multiple blockchain networks, including Ethereum, Arbitrum, Avalanche, BNB Chain, and Polygon. Users were advised to revoke approvals before attempting to recover their funds.
Two options were presented for fund recovery: the first involved reclaiming the total funds lost, while the second involved donating 10% of the recovered amount to the white hat hacker responsible for exposing the vulnerability.
Impact on HFT Price
The incident had a significant impact on Hashflow’s native token, HFT, with a 7% decrease within 12 hours after the exploit. At the time of writing, HFT was valued at $0.337 according to Coinmarketcap, marking a 90% decline from its all-time high of $3.61 in November 2022.
Meanwhile, this unfortunate event follows another DeFi exploit earlier in the week when lending platform Sturdy Finance lost around $800,000 worth of Ethereum due to price manipulation. In response to the breach, Sturdy Finance offered a $100,000 bounty to the exploiter in exchange for the return of the funds.
As the investigation into the Hashflow hack continues, affected users are urged to immediately follow the recovery instructions provided by the platform.