Hashflow

On June 14, 2023, Hashflow, a decentralized exchange (DEX) operating across Ethereum, BNB Chain, Polygon, Avalanche-C, and Arbitrum, was exploited due to a vulnerability in its smart contract’s transferFrom function, resulting in a $605,000 loss, as detailed by Neptune Mutual.

Detected at 10:00 UTC, the flaw in the 0x1ce5 function allowed arbitrary token transfers from user-authorized contracts, per CertiK’s analysis. The attacker drained funds via an attack contract (0x9f9…), which offered recovery options: full recovery via a recover function or 90% recovery with a 10% “donation” to the exploiter, per Etherscan.

Described as a coordinated white-hat operation, the deployer advised users to revoke contract permissions to prevent further drains, per Twitter (@Hashflow).

Hashflow, with $20 million daily trading volume per DeFiLlama, remained operational, reimbursed all affected users, and shared recovery instructions, per the article. No funds were retained by the attacker, and the DEX continued unaffected, per Reddit (r/DeFi).

This exploit, alongside Patricia’s $2 million hack, underscores the fragility of smart contract code. Hashflow’s rapid reimbursement and transparency transformed a potential disaster into a masterclass in crisis management, proving that in the wilds of DeFi, a swift rescue can turn predators into protectors, securing user trust amidst the blockchain’s perilous terrain