Important Security Update and Current Status
Dear NobleBlocks Community,
We regret to inform you of a recent security breach that impacted
@hedgeyfinance, a prominent token infrastructure platform on which our
$NOBL tokens are utilized. During this incident, attackers exploited a business logic flaw in Hedgey’s ClaimCampaigns smart contract, resulting in a substantial loss of $44.7 million across both the Arbitrum and Ethereum platforms. The attackers utilized flash-loaned funds to manipulate the 'createLockedCampaign' function, which led to unauthorized token transactions, draining USDC, NOBL, and MASA tokens from the victim contract.
Hedgey's Response to the Incident:
Hedgey has provided us with the following update regarding the incident:
"Update on this morning's exploit. We will be doing a full post mortem in the coming days. Right now we are focused on working with our impacted users of the token claims product and recovering lost funds. The exploit was specific to our token claims contracts with funds that had not been claimed. It did not impact users of our token vesting, investor lockup, treasury lock, or timelock contracts. It did not impact recipients who have already claimed streaming allocations from a token claim. We have been working with Consensys Diligence and SEAL_Org to manage this stage of damage control and recovery. We have sent the creator of the exploit a message on Etherscan to begin recovering funds. In the coming days, we will be focusing on working with our impacted users and recovering funds. Expect updates as we continue working and a full post-mortem review in the coming days."
We want to assure our community that the situation has been actively managed since it was first detected by on-chain security firms. Hedgey Finance has already begun implementing enhanced security measures to prevent such vulnerabilities in the future.
Collaboration with Recovery Efforts
Following the attack, we have been in direct communication with Hedgey and an MEV bot operator, Coffeebabe, who intervened during the attack. Coffeebabe successfully front-ran several transactions made by the hacker, a strategic move intended to mitigate the effects of the hack. Efforts to recover NOBL tokens and ETH are ongoing, and these assets will be used to repurchase NOBL to restore the affected balances as soon as they are successfully recovered.
Current Token Status and Safety Measures
It is important to note that all compromised tokens have been sold, and the market is stabilizing. We believe it is now safe to engage with
$NOBL tokens again, as all other tokens remain securely locked, and those stolen have been liquidated by the hacker and some attempted recoveries are in process.
We appreciate the vigilance and rapid response of everyone involved, and we are committed to ensuring that all necessary actions are taken to safeguard our community's assets. Please stay tuned for further updates as we continue to work through this issue and reinforce our platform's security measures.
Thank you for your continued trust and support.