Hashflow, a multi-chain trading platform, recently experienced an incident resulting in the loss of hundreds of thousands of funds. Although not explicitly confirmed as an attack, Hashflow acknowledged that approximately $600,000 was affected. Assuring its users, the platform stated its commitment to addressing the situation and ensuring that all affected users would be fully compensated.
Emphasizing that its decentralized exchange (DEX) remained unaffected by the exploit, Hashflow plans to release a comprehensive post-mortem report at a later date. The project was initially alerted to the exploit by PeckShield, a renowned crypto-security firm. PeckShield described the incident as an “approve-related issue” and reported a total theft of $410,000, consisting of $215,000 in ETH and $195,000 in ARB.
Subsequent statements from Peckshield revealed that the attack had been executed by a white hat hacker, highlighting the presence of a recovery function within the hacker’s contract. Hashflow has endorsed this recovery contract in its instructions to users, advising them to revoke token allowances to deprecated contracts and subsequently utilize the recovery function.
Importantly, Hashflow clarified that the hacker’s contract enables users to fully recover their funds, with the option to donate 10% of the recovered funds back to the white hat hacker. This cooperative approach aims to ensure the restoration of funds and maintain the integrity of the platform’s user community.