Hack Explained - Hedgey Finance


Hedgey Finance, a token infrastructure platform, suffered dual exploits resulting in a combined loss of approximately $44.7 million. The attacks, which occurred on the Ethereum and Arbitrum networks, exploited a vulnerability related to the platform's use of flash loans. Specifically, the attackers utilised the 'createLockedCampaign' function with flash-loaned funds to execute the theft.

Behind the Breach

The hackers initiated the attack by taking advantage of flash loans, a type of uncollateralised loan where the borrowed sum and interest must be paid back in the same transaction. This mechanism was used to manipulate the 'createLockedCampaign' function within the Hedgey Finance smart contract, which enabled the unauthorised movement of funds. The primary vulnerability exploited was the smart contract’s inadequate validation of input data and improper handling of token approvals, allowing the attackers to bypass normal security checks and extract large amounts of cryptocurrency.
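A simplified Python model of how a token approval that outlives its deposit breaks a contract's accounting, with the invariant a reviewer can test for. This is an added example and is not taken from Hedgey's contracts. It assumes the approval is granted at campaign creation to a caller-supplied address and that a cancel path refunds the deposit, a mechanism the text above does not detail; `Token`, `Campaigns`, `cancel_campaign`, `unbacked_allowance` and `audit` are hypothetical names.

```python
# Simplified in-memory model, constructed for illustration; names are hypothetical.
class Token:
    def __init__(self, balances):
        self.balance = dict(balances)   # holder -> amount
        self.allowance = {}             # (owner, spender) -> amount
    def transfer(self, src, dst, amount):
        if amount <= 0 or self.balance.get(src, 0) < amount:
            raise ValueError("invalid transfer")
        self.balance[src] -= amount
        self.balance[dst] = self.balance.get(dst, 0) + amount

class Campaigns:
    ADDR = "campaigns"  # address holding every creator's pooled deposit
    def __init__(self, token, revoke_on_cancel):
        self.token, self.revoke_on_cancel = token, revoke_on_cancel
        self.open = {}  # campaign id -> (creator, locker, amount)

    def create_locked_campaign(self, cid, creator, locker, amount):
        if cid in self.open:
            raise ValueError("campaign id already in use")
        self.token.transfer(creator, self.ADDR, amount)
        # Assumption: the contract approves a caller-supplied locker address.
        key = (self.ADDR, locker)
        self.token.allowance[key] = self.token.allowance.get(key, 0) + amount
        self.open[cid] = (creator, locker, amount)

    def cancel_campaign(self, cid, caller):
        creator, locker, amount = self.open[cid]
        if caller != creator:
            raise PermissionError("only the creator may cancel")
        del self.open[cid]
        self.token.transfer(self.ADDR, creator, amount)  # deposit refunded
        if self.revoke_on_cancel:
            self.token.allowance[(self.ADDR, locker)] -= amount  # hardened path

def unbacked_allowance(c):
    """Invariant check: allowances granted by the contract minus open deposits."""
    granted = sum(v for (owner, _), v in c.token.allowance.items() if owner == c.ADDR)
    return granted - sum(amount for _, _, amount in c.open.values())

def audit(revoke_on_cancel):
    # 'borrower' balance stands in for flash-loaned funds, returned intact on cancel.
    token = Token({"alice": 500, "borrower": 1000})
    c = Campaigns(token, revoke_on_cancel)
    c.create_locked_campaign("a", "alice", "locker_a", 500)
    c.create_locked_campaign("b", "borrower", "locker_b", 1000)
    c.cancel_campaign("b", "borrower")
    return unbacked_allowance(c), token.balance["borrower"]
```

A non-zero result from `unbacked_allowance` means spending rights exist against funds that belong to other depositors; the hardened path keeps it at zero while the refunded balance is unchanged.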

Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.
