In an unexpected turn of events, multi-chain trading platform Hashflow experienced a recent incident that affected a substantial amount of funds. Although Hashflow did not explicitly confirm an attack, they acknowledged that $600,000 had been affected. Taking swift action, Hashflow reassured users that they would address the situation and ensure all affected individuals receive full compensation.
Crucially, Hashflow emphasized that their decentralized exchange (DEX) remained unaffected by the exploit, assuring users of the platform’s continued reliability and security. In the coming days, Hashflow plans to release a detailed post-mortem to shed light on the incident and provide insights into their remedial actions.
Initial notification regarding the exploit came from PeckShield, a reputable crypto-security firm. PeckShield described the attack as an “approve-related issue” and reported the theft of approximately $410,000, consisting of $215,000 worth of ETH and $195,000 worth of ARB. However, subsequent updates from Hashflow disclosed an even higher estimated loss and indicated that funds were stolen from Avalanche, BNB Chain, and Polygon as well.
Remarkably, it was later revealed that the attack was orchestrated by a white hat hacker—a cybersecurity expert who engages in hacking activities to identify and remediate vulnerabilities. PeckShield acknowledged the hacker’s contract, which included a recovery function, highlighting their responsible intentions. Encouragingly, Hashflow endorsed the hacker’s recovery contract in their instructions to users. These instructions provided clear guidance for users to revoke token allowances to deprecated contracts and to invoke the recovery function within the white hat hacker’s contract.
It’s worth noting that the hacker’s contract not only allows users to fully recover their funds but also offers the option to donate 10% of the recovered funds to the white hat. This gesture exemplifies the hacker’s commitment to promoting a more secure crypto ecosystem and reflects their ethical approach to hacking.
While the incident raised concerns, it also showcased the dedication of Hashflow, PeckShield, and the white hat hacker to protect users’ assets and bolster security measures within the industry. Hashflow’s proactive response and support for the hacker’s recovery contract demonstrate their commitment to fostering a trusted trading environment.
Moving forward, Hashflow plans to implement additional safeguards to prevent similar incidents, ensuring users can trade with confidence on their platform. By sharing this incident and the subsequent collaboration with the white hat hacker, Hashflow sets an example for the industry, reinforcing the importance of transparency, accountability, and ongoing efforts to fortify security in the ever-evolving crypto landscape.