Hashflow

Quick Summary

Hashflow, a DEX on Ethereum, was exploited leading to losses of approximately 600,000 $USD.




Details of the Exploit

On June 14, 2023, Hashflow, a crypto trading platform, encountered an approve-related exploit. This exploit led to the loss of
around 600,000 $USD worth of digital assets including $USDT, $USDC, and $DAI.

The attacker who carried out the exploit provided a recovery function contract, suggesting they may be a white hat hacker,
preventing further losses. Users were instructed to revoke approvals before recovering funds. Two options were given for fund
recovery, one for total funds and the second to donate 10% to the white hat hacker.

In the aftermath of the incident, Hashflow's native token, HFT, fell by 7% within 12 hours.




Block Data Reference

Attacker Address:

https://etherscan.io/address/0xBDf38B7475Ff810325AA39e988fb80E0aA007E84




Malicious Contracts:
https://etherscan.io/address/0xddb19a1bd22c53dac894ee4e2fbfdb0a06769216
https://arbiscan.io/address/0x04699818bf27f27262c0b466f91499fbafca249f
https://bscscan.com/address/0x91d087186c87e1c269be89c74f61423675727065

https://polygonscan.com/address/0xbcb8eb2e24dde3af5dc9f69c814896c76c4b8072

https://snowtrace.io/address/0x91d087186c87e1c269be89c74f61423675727065




Malicious Transaction Examples:

https://etherscan.io/tx/0xdedda493272b6b35660b9cc9070d2ea32ee61279b821184ff837e0a5752f4042

https://etherscan.io/tx/0x08b5f35076beb363a7206b8f9b4a6460f42aa9f998b561582fb4e4cdd6f05dce




Example of Recovery Transaction:

https://etherscan.io/tx/0xf6e6a0eeed71afa046f45652d5616829e6a33e5969b0234744556be3dd6ed79a