Key takeaways:
- For the purpose of regaining any money lost due to a contract approval vulnerability, the trading platform has supplied recovery instructions.
- The company noted that its decentralized exchange was not disrupted in any way and continues to function as usual.
Following an incident that resulted in at least $600,000 worth of digital assets being removed from the crypto trading platform Hashflow, affected consumers have been guaranteed that they will receive total compensation.
A persistent problem with the Hashflow trading platform was detected on June 14 by the blockchain security company Peckshield. The company reported losses in Aribtrum’s ARB token and Ether of about $600,000, pointing to an approval-related problem. A few hours later, Hashflow informed customers that it was addressing the Peckshield-reported current state of affairs with contract approvals, adding:
“All users comprising the ~$600K affected will be made whole.”
The company, which offers cross-chain swaps as a component of its trading services, noted that its decentralized exchange was not disrupted in any way and continues to function as usual.
Given that they offered a contract with a recovery feature and a second donation option, Peckshield hypothesized that the hacker who used the exploit might be a white hat hacker.
On June 15, Hashflow provided a status update with recovery guidelines for anyone impacted by the exploit, which affected Ethereum, Arbitrum, Avalanche, BNB Chain, and Polygon. Before receiving their money back, users were instructed to rescind their approvals.
There are two alternatives for recovering funds: the first is to recover the entire amount, and the second is to give away 10% to the alleged white-hat hacker who found the vulnerability and used it to stop additional losses.
Following the incident, the price of HFT, the native token of Hashflow, dropped by 7%, reaching $0.33, according to CoinGecko, at the time of writing. The coin is still 90% behind its $3.61 all-time high from November 2022.
This is the second DeFi vulnerability this week; on June 12, the lending platform Sturdy Finance lost over $800,000 worth of Ethereum. Peckshield, the company that released the alert, claimed that the vulnerability was connected to pricing manipulation. In exchange for the stolen money’s return, Sturdy Finance offered the exploiter a $100,000 bounty. The lending platform declares that if the attacker accepts the offer, its team will stop investigating the matter.
