Attackers hacked the Hashflow protocol for $600,000

PeckShield analysts have reported a hack in the Hashflow decentralized trading platform for an estimated $600,000.

It seems to be white-hat op on the following exploits @hashflow

eth: https://t.co/9mp3NPV5ZR
arb: https://t.co/vCfvuKnreK
bsc: https://t.co/6SxrLHDO4i
polygon: https://t.co/ZrWHfQD1p8
avanlanche:https://t.co/fNXcQWQ4GF https://t.co/fJPoShmgSM pic.twitter.com/wnYfVyXQta

— Peck Shield Inc. (@peckshield) June 14, 2023

According to experts, the vulnerability is related to approvals of operations in the protocol’s cross-chain bridge. The Hashflow service offers cross-network exchange of various digital assets.

According to Etherscan, the address of the protocol deployer was attacked. The exploit itself affected contracts on the Ethereum, Arbitrum, BNB Chain, Polygon, and Avalanche networks.

The hacker is probably a white hat hacker. The contract, on which the stolen assets are located, provides for the function of a full refund to the owners and the ability to leave a “tip” of 10%.

UPDATE

The whitehat verified his contract, you can now call recover or recoverWithDonate, just past the token token in the function and call it.

BUT PLEASE DONT FORGET TO REVOKE ALLOWANCE TO 0x79cdfd7bc46d577b95ed92bcdc8ababa1844af0c OR YOU GET HACKED AGAIN pic.twitter.com/P4CEhxrC1P

— yannickcrypto.eth (@YannickCrypto) June 14, 2023

Hashflow representatives said they are monitoring the situation. All affected users were promised compensation.

We’re addressing the current situation flagged by @peckshield. Please be assured that:

1. All users comprising the ~$600K affected will be made whole.
2. The Hashflow DEX was in no way impacted and remains fully operational.

We will share a detailed post mortem once complete.

— hashflow (@hashflow) June 14, 2023

“Hashflow has not been affected in any way and remains fully operational. Once the investigation is complete, we will share the details,” the company said.

In July 2022, the project closed a $25 million funding round, after which the Hashflow valuation reached $400 million.

Recall that the losses of users from hacking the non-custodial wallet Atomic Wallet exceeded $100 million.

Found a mistake in the text? Select it and press CTRL+ENTER