- Hashflow users affected by yesterday’s hack can now recover their funds
- $600,000 was taken through the exploit yesterday
- The recovery options include a 10% tip to the individual who stopped the hack
Cryptocurrency trading platform Hashflow has reassured customers affected by a recent exploit that they will be made whole. Hashflow saw at least $600,000 in digital assets taken from its platform yesterday and provided steps to those affected to recover their funds. The platform is still investigating how it was compromised and has promised a post-mortem once its investigations are complete.
Hack Stopped in its Tracks
Security firm Peckshield informed Hashflow of an “approve-related issue” yesterday which was causing a huge outflow of funds:
Hi @hashflow, you may want to take a look: https://t.co/Z0thwhoLSJ
It appears there is an approve-related issue.
— PeckShield Inc. (@peckshield) June 14, 2023
Hashflow responded to say that it was looking into the incident and promised immediately that users would be made whole, showing that it has learnt from other platforms’ mistakes and was getting its assurances in early:
We’re addressing the current situation flagged by @peckshield. Please be assured that:
1. All users comprising the ~$600K affected will be made whole.
2. The Hashflow DEX was in no way impacted and remains fully operational.We will share a detailed post mortem once complete.
— hashflow (@hashflow) June 14, 2023
Three hours later it had stopped the flow of funds and outlined how users can recover their funds, marking perhaps the quickest such recovery yet offered by a DeFi protocol, although this likely has much to do with the relatively low value of the hack:
Following up on the recent issue identified by @peckshield, please follow the steps outlined below to recover funds in full if you were impacted.
IMPORTANT: You must first revoke approvals before recovering funds.
Instructions here: https://t.co/P5si28nMGu
— hashflow (@hashflow) June 14, 2023
Users have been offered two options for fund recovery: total funds or a 10% tip to the person who stopped the vulnerability in its tracks and prevented further losses. Hashflow’s HFT token dropped just 5% following the hack, showing that it should have a minimal impact going forward.