White hat hacker exploits Hashflow for $600K, seemingly just to return funds

Multi-chain trading platform Hashflow said. June 14th It is said that an incident affecting hundreds of thousands of funds has occurred.

$600,000 affected

Hashflow has not explicitly acknowledged being attacked, but said $600,000 in funds were affected. He wrote that “the current situation is being addressed” and that all users affected by the incident have fully recovered.

The project added that the decentralized exchange (DEX) was not affected by the exploit in any way, and said it would publish a post-mortem investigation at a later date.

Hashflow said cryptosecurity firm Pecshield was first notified of the exploit.Notice from Pecshield called an attack It said it was a “verification-related issue” and that $215,000 of ETH and $195,000 of ARB, totaling $410,000, had been stolen.

In a subsequent statement, Hashflow estimated the loss to be even greater, saying funds were also stolen from Avalanche, BNB Chain and Polygon.

White hat hacker suspected as culprit

Subsequent post from Peckshield said The attack was carried out by ethical hackers. The fact that the hacker’s contract included a recovery function was emphasized.

Hashflow has approved the hacker’s takeback deal. instructions for yourself. These instructions instruct users to revoke token grants for deprecated contracts. The instructions then direct the user to invoke a recovery function in the hacker’s contract.

Hashflow noted that the hacker’s contract allows users to recover all of their funds or optionally donate 10% of the recovered funds to white hats.

A white hat hacker exploited hashflow to win $600,000, the post first appeared on CryptoSlate, apparently just to get the funds back.