White hat hacker exploits Hashflow for $600K, seemingly just to return funds
Hashflow endorsed the white hat's recovery contract in instructions to users.
Multi-chain trading platform Hashflow said on June 14 that it suffered an incident affecting hundreds of thousands of dollars in funds.
Hashflow did not explicitly confirm that it had been attacked but said that $600,000 of funds had been affected. It wrote that it is “addressing the current situation” and said that all users who were affected by the incident would be made whole.
The project added that its decentralized exchange (DEX) was not affected by the exploit in any way and said that it would later publish a post-mortem.
Hashflow said that it was originally notified of the exploit by PeckShield, a crypto-security firm. PeckShield’s notice called the attack an “approve-related issue” and said that $215,000 of ETH and $195,000 in ARB had been stolen for a total of $410,000.
Hashflow’s later statements estimated a higher loss and also said that funds were stolen on Avalanche, BNB Chain, and Polygon as well.
White hat hacker believed to be responsible
Later posts from PeckShield said that the attack was carried out by a white hat hacker. It highlighted the fact that the hacker’s contract contains a recovery function.
Hashflow has endorsed the hacker’s recovery contract in its own instructions. Those instructions first tell users to revoke token allowances granted to its deprecated contracts, and then to call the recovery function in the hacker’s contract.
Hashflow noted that the hacker’s contract allows users to fully recover their funds or optionally donate 10% of their recovered funds to the white hat.