- Hedgy Finance has begun attempts to recover stolen funds after a $1.9 million security breach on the Hedgy Token Claim Contract.
- Phishing attacks increase as Ethereum name service address suffers a major hit.
- Investors should exercise caution as Bitcoin halving hype could lead to more attacks.
DeFi token vesting platform Hedgy Finance suffered a security breach on Friday that resulted in a $1.9 million loss. However, Hedgy announced that it’s currently working out plans to recover the stolen funds. This comes after a series of phishing attacks across various blockchain platforms.
Also read:Â Mango Market attacker convicted of fraud and market manipulation
Hedgy plans to recover stolen funds after $1.9 million attack
Hedgy Finance users were the latest victims of rising crypto scams after an attacker exploited the platform’s Hedgy Token Claim Contract. According to Cyvers Alerts, the attacker stole $1.9 million worth of assets, swapped them for DAI stablecoin and transferred them to an externally-owned account (EOA).
Hedgy Finance confirmed the attack in an X post on Friday, stating that “users of (…) token vesting, investor lockup, treasury lock or timelock contracts were not impacted.” They stated they’ve sent the attacker a message on Etherscan as they begin attempts to recover the lost funds.
“In the coming days we will be focused on working with our users who were impacted and recovering lost funds. We will continue working with impacted projects to resolve issues created by this exploit,” said Hedgy Finance.
Update on this mornings exploit. We will be doing a full post mortem in the coming days. Right now we are focused on working with the impacted users of the token claims product and recovering lost funds.
1. The exploit was specific to our token claims contracts with funds that…
— Hedgey (@hedgeyfinance) April 19, 2024
Phishing scams are increasing
Hedgy’s attack follows an increase in phishing scams in recent weeks. Cryptocurrency phishing scams involve malicious entities sending links to fake websites that often impersonate legitimate businesses to get access to a user’s wallet information.
On Thursday, Cyvers alert reported that scammers stole approximately $3 million through phishing transactions across several blockchains.
ALERTOur system has identified multiple phishing transactions this morning.
Unfortunately, victims have approved the phishers’ External Owned Account (EOA). We strongly advise revoke approvals for https://t.co/qR54s5N37M
The phishers have collected approximately $3M across… pic.twitter.com/VcOSh0N0dW
— Cyvers Alerts (@CyversAlerts) April 19, 2024
Cyvers admonished users to revoke approvals for the several phishing EOAs.
The phishing attacks seem not to be over, as an Ethereum name service address mummyhap.eth suffered a similar fate, losing $759,200 worth of digital assets, according to PeckShieldAlert.
Also read:Â Crypto traders lost nearly $300 million in 2023 due to rising phishing scams
The stolen tokens include 86.59 wstETH, 31.21 stETH, 49.88 pufETH, and 56.96 aEthwstETH. The attack was attributed to an entity using the alias Fake_Phishing187019.
Increased phishing attacks aren’t new in seasons like this as Bitcoin experiences its fourth halving. Scammers thrive on the hype to lure users into submitting their wallet details.
Investors should stay vigilant and watch out for other crypto scams that attackers often leverage to steal funds.