Hashflow

Hashflow

Quick SummaryHashflow, a DEX on Ethereum, was exploited leading to losses of approximately 600,000 $USD.Details of the ExploitOn June 14, 2023, Hashflow, a crypto trading platform, encountered an approve-related exploit. This exploit led to the loss of around 600,000 $USD worth of digital assets including $USDT, $USDC, and $DAI.The attacker who carried out the exploit provided a recovery function contract, suggesting they may be a white hat hacker, preventing further losses. Users were instructed to revoke approvals before recovering funds. Two options were given for fund recovery, one for total funds and the second to donate 10% to the white hat hacker.In the aftermath of the incident, Hashflow's native token, HFT, fell by 7% within 12 hours.Block Data ReferenceAttacker Address:https://etherscan.io/address/0xBDf38B7475Ff810325AA39e988fb80E0aA007E84Malicious Contracts:https://etherscan.io/address/0xddb19a1bd22c53dac894ee4e2fbfdb0a06769216https://arbiscan.io/address/0x04699818bf27f27262c0b466f91499fbafca249fhttps://bscscan.com/address/0x91d087186c87e1c269be89c74f61423675727065https://polygonscan.com/address/0xbcb8eb2e24dde3af5dc9f69c814896c76c4b8072https://snowtrace.io/address/0x91d087186c87e1c269be89c74f61423675727065Malicious Transaction Examples:https://etherscan.io/tx/0xdedda493272b6b35660b9cc9070d2ea32ee61279b821184ff837e0a5752f4042https://etherscan.io/tx/0x08b5f35076beb363a7206b8f9b4a6460f42aa9f998b561582fb4e4cdd6f05dceExample of Recovery Transaction:https://etherscan.io/tx/0xf6e6a0eeed71afa046f45652d5616829e6a33e5969b0234744556be3dd6ed79a