Audit log

Every state-changing event for Hedgey Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-31 06:59:39Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 423,324,571

   sig

   5K7vYhSXkfXf…yiXtg6qhcopyexplorer ↗

   hash

   3cDq4DtCCrUc…X5uDGGjAcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (18796 B) ▸

   {"actor":"system:backfill","investigation_id":"630ad39c-8bc4-40b2-b1ac-00061a57c7a7","kind":"publish","page_slug":"hedgey-finance","published_at":"2026-05-31T06:59:39.666Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Hedgey Finance","sections":[{"content":"On April 19, 2024, an attacker exploited a critical vulnerability in Hedgey Finance's ClaimCampaigns smart contract (deployed at 0xBc452fdC8F851d7c5b72e1Fe74DFB63bb793D511 on Ethereum). The root cause was insufficient input validation in the createLockedCampaign() function: the contract granted a spending approval to a caller-supplied tokenLocker address without validating that it was a legitimate Hedgey contract. When the attacker subsequently called cancelCampaign(), those approvals were never revoked, leaving the attacker's malicious contract with persistent transferFrom() rights over deposited tokens. The attacker funded the initial attack via a $1.3 million USDC flash loan from Balancer, created a locked campaign with their own contract as the tokenLocker, immediately cancelled it, then used the retained approval to drain tokens. The attack was executed across two transactions to avoid MEV front-running. The Arbitrum chain exploit was funded via an Axelar bridge transfer. The same vulnerability was separately exploited by a second attacker on Ethereum who had been previously linked to the Unizen exploit. The impacted contract had been fully audited by ConsenSys Diligence twice — first during early development and again in June–July 2023 when onboarding Arbitrum DAO — yet both audits missed the critical approval-revocation flaw.","heading":"April 2024 Exploit: Mechanics and Root Cause","severity":"critical","sources":[{"credibility":1,"name":"Hedgey Exploit Post-Mortem (Official Hedgey Medium)","type":"official","url":"https://medium.com/hedgey/hedgey-exploit-post-mortem-784e9860fd8d"},{"credibility":2,"name":"CertiK Hedgey Finance Incident Analysis","type":"research","url":"https://www.certik.com/resources/blog/hedgey-finance-incident-analysis"},{"credibility":2,"name":"Halborn: Explained the Hedgey Finance Hack (April 2024)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-hedgey-finance-hack-april-2024"},{"credibility":2,"name":"ImmuneBytes: Hedgey Finance Exploit Detailed Analysis","type":"research","url":"https://immunebytes.com/blog/hedgey-finance-exploit-april-19-2024-detailed-analysis/"}]},{"content":"Total documented losses from the April 19, 2024 exploit are approximately $44.7 million across two blockchain networks. On Ethereum mainnet, attackers drained approximately $2.1 million, composed of 1,303,910 USDC, approximately $1.9 million in NOBL tokens (belonging to the DeSci project NobleBlocks), and approximately $20,000 in MASA tokens. Stolen Ethereum-chain assets were converted to DAI and transferred to an externally owned account. On Arbitrum, a separate attacker drained approximately 77.74 million BONUS tokens belonging to BonusBlock, valued at approximately $42.6 million at the time of the exploit. Of the 60 active token claim campaigns on the platform, 23 were compromised. Hedgey's separate vesting and lockup contracts were not affected — only the ClaimCampaigns product was vulnerable.","heading":"Financial Losses and Affected Tokens","severity":"critical","sources":[{"credibility":2,"name":"Rekt News: Hedgey Finance","type":"news","url":"https://rekt.news/hedgey-finance-rekt"},{"credibility":2,"name":"CoinTelegraph: DeFi platform Hedgey Finance hit by $44 million exploit","type":"news","url":"https://cointelegraph.com/news/hedgey-protocol-44-million-exploit"},{"credibility":2,"name":"CryptoBriefing: Hedgey Finance loses $44.5 million in flash loan exploit","type":"news","url":"https://cryptobriefing.com/hedgey-finance-flash-loan-exploit/"},{"credibility":1,"name":"Hedgey Exploit Post-Mortem (Official)","type":"official","url":"https://medium.com/hedgey/hedgey-exploit-post-mortem-784e9860fd8d"}]},{"content":"The primary downstream victims were two projects that had active token claim campaigns on Hedgey at the time of the exploit. NobleBlocks, a decentralized science (DeSci) project, lost approximately $1.9 million in NOBL tokens from the Ethereum mainnet attack. NobleBlocks subsequently worked with Hedgey and ConsenSys Diligence to manage recovery, communicated with the MEV operator Coffeebabe regarding potential fund recovery, and ultimately determined it was safe for users to trade NOBL again after stolen tokens were liquidated by the attacker. BonusBlock (BONUS), a Web3 user acquisition project, lost approximately 77.74 million BONUS tokens on Arbitrum, representing the bulk of total losses at approximately $42.6 million notional value. BonusBlock's token price declined approximately 10% immediately following the attack. Masa Finance (MASA) suffered a smaller loss of approximately $20,000. Hedgey disclosed that its ClaimCampaigns product had been used by over 100 projects for token distributions, though the majority of active campaigns were not compromised.","heading":"Affected Protocols and Downstream Impact","severity":"high","sources":[{"credibility":2,"name":"BeInCrypto: How NobleBlocks Shows Resilience Despite Hedgy Finance Attack","type":"news","url":"https://beincrypto.com/nobleblocks-resilience-hedgy-finance-attack/"},{"credibility":2,"name":"Coinspeaker: NobleBlocks Recovers After Hedgey Finance Breach","type":"news","url":"https://www.coinspeaker.com/nobleblocks-recovers-after-hedgey-finance-breach/"},{"credibility":2,"name":"CoinTelegraph: DeFi platform Hedgey Finance hit by $44 million exploit","type":"news","url":"https://cointelegraph.com/news/hedgey-protocol-44-million-exploit"}]},{"content":"On Ethereum mainnet, the primary attacker (address 0xDed2b1a426E1b7d415A40Bcad44e98F47181dda2, using attack contract 0xC793113F1548b97E37c409f39244ee44241bf2b3) converted stolen USDC and NOBL into DAI, which was transferred to an externally owned account. Initial funding for the Ethereum attack was traced to FixedFloat, a non-KYC instant exchange. On Arbitrum, the attacker (address 0xC7241E27Ee4B8D32b59a10E848B48530047a8c5b) received bridged funds via Axelar and retained the bulk of stolen BONUS tokens. Approximately 200,000 BONUS tokens (valued at roughly $110,000) were moved to the Bybit centralized exchange shortly after the exploit, and approximately 900,000 additional tokens were held in secondary wallets. The primary Arbitrum attacker retained approximately 76.8 million BONUS tokens at the time of reporting. On-chain movements were detected and reported by blockchain security firm Cyvers. No confirmed use of Tornado Cash was identified in connection with this specific exploit based on available reporting.","heading":"On-Chain Fund Flows and Laundering Activity","severity":"high","sources":[{"credibility":2,"name":"BeInCrypto: Hedgey Finance Breach — $44.5M Stolen via Flash Loan Exploit","type":"news","url":"https://beincrypto.com/hedgey-incurs-loss-in-crypto-hack/"},{"credibility":2,"name":"CryptoSlate: Hedgey Finance hit by $44.5 million crypto theft across Arbitrum and Binance networks","type":"news","url":"https://cryptoslate.com/hedgey-finance-hit-by-44-5-million-crypto-theft-across-arbitrum-and-binance-networks/"},{"credibility":2,"name":"Rekt News: Hedgey Finance","type":"news","url":"https://rekt.news/hedgey-finance-rekt"}]},{"content":"Immediately following detection of the exploit, Hedgey Finance disabled the creation of new token claim campaigns. The team engaged SEAL 911, a blockchain security incident response group, and contacted affected projects to instruct users to cancel active claims via the platform's End Token Claim interface. Hedgey sent an on-chain message to the attacker via Etherscan, framing the incident as potentially a white hat discovery and requesting return of funds. The team also communicated with MEV operator Coffeebabe in connection with recovery efforts for NobleBlocks' NOBL tokens. Following the exploit, Hedgey commissioned four additional security audits beyond its existing ConsenSys Diligence reviews and engaged unspecified security experts to harden contracts. The team stated it was working with law enforcement and reported making significant progress in identifying the perpetrators, though no arrests or confirmed fund recovery had been publicly disclosed as of available reporting. No formal user compensation plan was announced by Hedgey itself, though at least one affected project (referenced in the official post-mortem) reissued a new token to all holders after the attacker liquidated stolen tokens.","heading":"Protocol Response and Recovery Efforts","severity":"high","sources":[{"credibility":1,"name":"Hedgey Exploit Post-Mortem (Official)","type":"official","url":"https://medium.com/hedgey/hedgey-exploit-post-mortem-784e9860fd8d"},{"credibility":2,"name":"BeInCrypto: How NobleBlocks Shows Resilience Despite Hedgy Finance Attack","type":"news","url":"https://beincrypto.com/nobleblocks-resilience-hedgy-finance-attack/"},{"credibility":3,"name":"Mitrade: Hedgy Finance responds to security breach","type":"news","url":"https://www.mitrade.com/insights/news/live-news/article-3-136892-20240420"}]},{"content":"The ClaimCampaigns contract that was exploited had been reviewed by ConsenSys Diligence on two occasions. The first audit occurred during early development of the protocol. A second re-audit was commissioned specifically when onboarding Arbitrum DAO as a major client, covering the Token Lockup and Vesting Plans over four weeks from June 26 to July 21, 2023, conducted by auditors Chingiz Mardanov and David Braun with approximately 29 person-days of effort. Both audits failed to identify the approval-revocation flaw in createLockedCampaign(), which post-incident analysts described as an input validation failure that should have been caught by standard audit procedures. The exploit generated significant discussion in the smart contract security community about the limits of point-in-time audits and the need for continuous monitoring. Following the incident, Hedgey published a security audits and fuzzing overview in August 2024 detailing the four new audits commissioned in the aftermath.","heading":"Audit History and Security Track Record","severity":"high","sources":[{"credibility":1,"name":"ConsenSys Diligence: Hedgey Token Lockup and Vesting Plans Audit (June 2023)","type":"research","url":"https://diligence.consensys.io/audits/2023/06/hedgey-token-lockup-and-vesting-plans/hedgey-token-plans-audit-2023-06.pdf"},{"credibility":2,"name":"Olympix: The $44M Hedgey Finance Exploit — What Went Wrong","type":"research","url":"https://olympix.ai/blog/the-44m-hedgey-finance-exploit-what-went-wrong-and-how-olympix-could-have-prevented-it"},{"credibility":1,"name":"Hedgey Security Audits and Fuzzing Overview August 2024","type":"official","url":"https://hedgey.finance/blogs?post=hedgey-security-audits-fuzzing-overview-august-2024"}]},{"content":"On December 16, 2025, Anchorage Digital — the first federally chartered crypto bank in the United States — announced the acquisition of Hedgey Finance. The acquisition was described as enabling Anchorage to offer a full-stack token lifecycle management solution, integrating Hedgey's non-custodial smart contract tools for token vesting, allocation, and distribution with Anchorage's existing custody and investment services. Financial terms of the acquisition were not disclosed. The Hedgey team joined Anchorage Digital as part of the transaction. The acquisition occurred approximately 20 months after the April 2024 exploit.","heading":"Acquisition by Anchorage Digital (December 2025)","severity":"low","sources":[{"credibility":2,"name":"The Block: Anchorage jumps into full token lifecycle management with Hedgey acquisition","type":"news","url":"https://www.theblock.co/post/382876/anchorage-token-lifecycle-management-hedgey-acquisition"},{"credibility":1,"name":"Anchorage Digital: Full-Stack Token Management Solution announcement","type":"official","url":"https://www.anchorage.com/insights/anchorage-digital-launches-full-stack-token-management-solution-to-power-next-generation-protocol-growth"}]}],"sources_used":[{"name":"Hedgey Exploit Post-Mortem (Official Hedgey Medium)","type":"official","url":"https://medium.com/hedgey/hedgey-exploit-post-mortem-784e9860fd8d"},{"name":"Rekt News: Hedgey Finance","type":"news","url":"https://rekt.news/hedgey-finance-rekt"},{"name":"CoinTelegraph: DeFi platform Hedgey Finance hit by $44 million exploit","type":"news","url":"https://cointelegraph.com/news/hedgey-protocol-44-million-exploit"},{"name":"Halborn: Explained the Hedgey Finance Hack (April 2024)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-hedgey-finance-hack-april-2024"},{"name":"CertiK: Hedgey Finance Incident Analysis","type":"research","url":"https://www.certik.com/resources/blog/hedgey-finance-incident-analysis"},{"name":"ImmuneBytes: Hedgey Finance Exploit Detailed Analysis","type":"research","url":"https://immunebytes.com/blog/hedgey-finance-exploit-april-19-2024-detailed-analysis/"},{"name":"CryptoBriefing: Hedgey Finance loses $44.5 million in flash loan exploit","type":"news","url":"https://cryptobriefing.com/hedgey-finance-flash-loan-exploit/"},{"name":"BeInCrypto: Hedgey Finance Breach — $44.5M Stolen via Flash Loan Exploit","type":"news","url":"https://beincrypto.com/hedgey-incurs-loss-in-crypto-hack/"},{"name":"CryptoSlate: Hedgey Finance hit by $44.5 million crypto theft","type":"news","url":"https://cryptoslate.com/hedgey-finance-hit-by-44-5-million-crypto-theft-across-arbitrum-and-binance-networks/"},{"name":"BeInCrypto: How NobleBlocks Shows Resilience Despite Hedgy Finance Attack","type":"news","url":"https://beincrypto.com/nobleblocks-resilience-hedgy-finance-attack/"},{"name":"Coinspeaker: NobleBlocks Recovers After Hedgey Finance Breach","type":"news","url":"https://www.coinspeaker.com/nobleblocks-recovers-after-hedgey-finance-breach/"},{"name":"ConsenSys Diligence: Hedgey Token Lockup and Vesting Plans Audit (June 2023)","type":"research","url":"https://diligence.consensys.io/audits/2023/06/hedgey-token-lockup-and-vesting-plans/hedgey-token-plans-audit-2023-06.pdf"},{"name":"Olympix: The $44M Hedgey Finance Exploit — What Went Wrong","type":"research","url":"https://olympix.ai/blog/the-44m-hedgey-finance-exploit-what-went-wrong-and-how-olympix-could-have-prevented-it"},{"name":"Hedgey Security Audits and Fuzzing Overview August 2024","type":"official","url":"https://hedgey.finance/blogs?post=hedgey-security-audits-fuzzing-overview-august-2024"},{"name":"The Block: Anchorage acquires Hedgey for token lifecycle management","type":"news","url":"https://www.theblock.co/post/382876/anchorage-token-lifecycle-management-hedgey-acquisition"},{"name":"Anchorage Digital: Full-Stack Token Management Solution","type":"official","url":"https://www.anchorage.com/insights/anchorage-digital-launches-full-stack-token-management-solution-to-power-next-generation-protocol-growth"},{"name":"CUBE3.AI: Hedgey Finance Hack Detected by CUBE3.AI","type":"research","url":"https://blog.cube3.ai/2024/04/19/hedgey-finance-hack-flashloan-cube3-postmortem-report/"},{"name":"Neptune Mutual: Analysis of the Hedgey Finance Exploit","type":"research","url":"https://medium.com/neptune-mutual/analysis-of-the-hedgey-finance-exploit-7b562b5c2665"}],"summary":"Hedgey Finance is a token vesting and claims infrastructure protocol founded in 2021 and used by over 100 blockchain projects including Arbitrum DAO and ENS DAO. On April 19, 2024, the protocol suffered a critical smart contract exploit that drained approximately $44.7 million across Ethereum mainnet and Arbitrum through a flash loan attack exploiting insufficient input validation in the ClaimCampaigns contract. In December 2025, Hedgey was acquired by Anchorage Digital, the first federally chartered crypto bank in the United States.","timeline":[{"date":"2021-06-01","event":"Hedgey Finance founded by Lindsey Winder, Alex Michelsen, and Shawn Simas in Brooklyn.","source":"Crunchbase / Tracxn","source_url":"https://www.crunchbase.com/organization/hedgey-finance"},{"date":"2023-06-26","event":"ConsenSys Diligence begins a second re-audit of Hedgey's Token Lockup and Vesting Plans contracts, commissioned ahead of Arbitrum DAO onboarding. Audit completes July 21, 2023. The ClaimCampaigns vulnerability is not identified.","source":"ConsenSys Diligence Audit Report","source_url":"https://diligence.consensys.io/audits/2023/06/hedgey-token-lockup-and-vesting-plans/hedgey-token-plans-audit-2023-06.pdf"},{"date":"2024-04-19","event":"Hedgey Finance ClaimCampaigns contract exploited across Ethereum and Arbitrum. Approximately $44.7 million drained through a flash loan attack exploiting missing input validation and un-revoked token approvals in createLockedCampaign(). Ethereum attacker funded via FixedFloat; Arbitrum attacker funded via Axelar bridge.","source":"Rekt News / CoinTelegraph","source_url":"https://rekt.news/hedgey-finance-rekt"},{"date":"2024-04-19","event":"Hedgey disables new claim campaign creation and issues public alert advising users to cancel active claims. Team engages SEAL 911 incident response and contacts affected protocols.","source":"Hedgey Official Post-Mortem (Medium)","source_url":"https://medium.com/hedgey/hedgey-exploit-post-mortem-784e9860fd8d"},{"date":"2024-04-19","event":"Cyvers detects on-chain movement of stolen funds. Attacker moves approximately 200,000 BONUS tokens (~$110,000) to Bybit exchange. Approximately 76.8 million BONUS tokens remain in attacker wallet.","source":"BeInCrypto","source_url":"https://beincrypto.com/hedgey-incurs-loss-in-crypto-hack/"},{"date":"2024-04-20","event":"Hedgey Finance sends on-chain message to attacker via Etherscan treating the incident as a potential white hat discovery and requesting return of funds. NobleBlocks confirms collaboration with Hedgey on NOBL recovery efforts.","source":"BeInCrypto / Coinspeaker","source_url":"https://beincrypto.com/nobleblocks-resilience-hedgy-finance-attack/"},{"date":"2024-08-01","event":"Hedgey publishes Security Audits and Fuzzing Overview documenting four new audits commissioned following the April 2024 exploit.","source":"Hedgey Finance Blog","source_url":"https://hedgey.finance/blogs?post=hedgey-security-audits-fuzzing-overview-august-2024"},{"date":"2025-12-16","event":"Anchorage Digital acquires Hedgey Finance. The Hedgey team joins Anchorage to build a full-stack token lifecycle management offering. Financial terms undisclosed.","source":"The Block","source_url":"https://www.theblock.co/post/382876/anchorage-token-lifecycle-management-hedgey-acquisition"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision b8b012e8-1976-41c3-a4ce-efacbb028151copy