Hedgey Finance, a token infrastructure platform, has suffered two parallel exploits amounting to a total of $44.7 million worth of lost funds.
Hedgey suffered an exploit worth over $42.8 million Arbitrum (ARB) tokens on the Arbitrum network, according to an April 19 X post by on-chain security firm Cyvers. The attacker has already deposited part of the funds to the Bybit cryptocurrency exchange.
Earlier, Hedgey protocol was hacked for a total of $1.9 million worth of crypto on the Ethereum network, according to an X alert by Cyvers.
Hedgey protocol confirmed the exploit, adding that it is actively working with auditors to understand the vulnerability behind the potentially ongoing attack. It said in an April 19 X post:
“We're investigating an attack on the Hedgey Token Claim Contract. If you have created active claims, please cancel them using the “End Token Claim" button…”
Shortly after Hedgey confirmed the exploit, scam accounts impersonating the protocol have started posting potentially malicious links under the thread, urging people to ask for a refund or revoke their smart contract approvals, pointing to suspicious links without connection to Hedgey protocol.
The exploit occurred hours before the much-anticipated Bitcoin halving, set to reduce block issuance rewards in half.
Related: New Bitcoin whales, ETFs are up only 1.6% in unrealized profit — Is the BTC bottom in?
Over $500 million stolen in crypto hacks in Q1 2024
The first quarter of 2024 saw 223 hacks and exploits that amounted to a total of over $502 million worth of stolen digital assets, according to the Hack3d report by on-chain security firm CertiK.
This represents a 54% increase compared to the first quarter of 2023, which saw a total of $326 million worth of funds stolen. January was the most lucrative month for hackers, who stole over $193 million worth of crypto in 78 on-chain incidents.
As in previous quarters, compromised private keys remained the top attack vector, with over $239 million lost in 26 such incidents. Compromised private key exploits only account for 11.7% of all security incidents, according to CertiK.
On the bright side, over $77.9 million worth of stolen funds were ultimately returned in the first quarter, most attributed to the Munchables security incident.
A total of $1.8 billion was lost to crypto hacks and scammers in 2023, of which 17% can be attributed to the North Korean Lazarus Group, according to a Dec. 28 report by Immunefi.