{"id":12348,"date":"2023-06-14T20:42:43","date_gmt":"2023-06-14T20:42:43","guid":{"rendered":"https:\/\/cryptoheretostay.com\/?p=12348"},"modified":"2023-06-14T20:42:44","modified_gmt":"2023-06-14T20:42:44","slug":"white-hat-hacker-exploits-hashflow-for-600k-seemingly-just-to-return-funds","status":"publish","type":"post","link":"https:\/\/cryptoheretostay.com\/?p=12348","title":{"rendered":"White hat hacker exploits Hashflow for $600K, seemingly just to return funds"},"content":{"rendered":"<p> <script type=\"text\/javascript\">\r\namzn_assoc_placement = \"adunit0\";\r\namzn_assoc_tracking_id = \"totafreearti-20\";\r\namzn_assoc_ad_mode = \"search\";\r\namzn_assoc_ad_type = \"smart\";\r\namzn_assoc_marketplace = \"amazon\";\r\namzn_assoc_region = \"US\";\r\namzn_assoc_default_search_phrase = \"crypto\";\r\namzn_assoc_default_category = \"All\";\r\namzn_assoc_search_bar = \"false\";\r\namzn_assoc_title = \"\";\r\namzn_assoc_rows =\"1\";\r\n<\/script>\r\n<script src=\"\/\/z-na.amazon-adsystem.com\/widgets\/onejs?MarketPlace=US\"><\/script><br \/>\n<\/p>\n<p>Multi-chain trading platform Hashflow said on June 14 that it suffered an incident affecting hundreds of thousands in funds.<\/p>\n<h2>$600K affected<\/h2>\n<p>Hashflow did not explicitly confirm that it had been attacked but said that $600,000 of funds had been affected. It wrote that it is &#8220;addressing the current situation&#8221; and said that all users who were affected by the incident would be made whole.<\/p>\n<p>The project added that its decentralized exchange (DEX) was not affected by the exploit in any way and said that it would later publish a post-mortem.<\/p>\n<p>Hashflow said that it was originally notified of the exploit by PeckShield, a crypto-security firm. PeckShield&#8217;s notice called the attack an &#8220;approve-related issue&#8221; and said that $215,000 of ETH and $195,000 in ARB had been stolen for a total of $410,000.<\/p>\n<p>Hashflow&#8217;s later statements estimated a higher loss and also said that funds were stolen on Avalanche, BNB Chain, and Polygon as well.<\/p>\n<h2>White hat hacker believed to be responsible<\/h2>\n<p>Later posts from Peckshield said that the attack was carried out by a white hat hacker. It highlighted the fact that the hacker&#8217;s contract contains a recovery function.<\/p>\n<p>Hashflow has endorsed the hacker&#8217;s recovery contract in its own instructions. Those instructions tell users to revoke token allowances to deprecated contracts. The instructions then tell users to call the recovery function in the hacker&#8217;s contract.<\/p>\n<p>Hashflow noted that the hacker&#8217;s contract allows users to fully recover their funds or optionally donate 10% of their recovered funds to the white hat.<\/p>\n<p>The post White hat hacker exploits Hashflow for $600K, seemingly just to return funds appeared first on CryptoSlate.<\/p>\n<p><script type=\"text\/javascript\">\r\namzn_assoc_placement = \"adunit0\";\r\namzn_assoc_tracking_id = \"totafreearti-20\";\r\namzn_assoc_ad_mode = \"search\";\r\namzn_assoc_ad_type = \"smart\";\r\namzn_assoc_marketplace = \"amazon\";\r\namzn_assoc_region = \"US\";\r\namzn_assoc_default_search_phrase = \"bitcoin\";\r\namzn_assoc_default_category = \"All\";\r\namzn_assoc_search_bar = \"false\";\r\namzn_assoc_title = \"\";\r\namzn_assoc_rows =\"1\";\r\n<\/script>\r\n<script src=\"\/\/z-na.amazon-adsystem.com\/widgets\/onejs?MarketPlace=US\"><\/script><br \/>\n<br \/><a href=\"https:\/\/cryptoslate.com\/white-hat-hacker-exploits-hashflow-for-600k-seemingly-just-to-return-funds\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multi-chain trading platform Hashflow said on June 14 that it suffered an incident affecting hundreds of thousands in funds. $600K affected Hashflow did not explicitly confirm that it had been attacked but said that $600,000 of funds had been affected. It wrote that it is &#8220;addressing the current situation&#8221; and said that all users who [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12349,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[3],"tags":[],"class_list":["post-12348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum-news"],"_links":{"self":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12348"}],"version-history":[{"count":1,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12348\/revisions"}],"predecessor-version":[{"id":12350,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/12348\/revisions\/12350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/media\/12349"}],"wp:attachment":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}