Skip to main content
Sign in
Hedgey1 decision on this page

Audit log

Every state-changing event for Hedgey: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-20 15:26:58Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 421,012,580
    sig
    5SdooEedENdn…atGmL5YKexplorer ↗
    hash
    C5tV7vA4UUsd…sGdi3hsfsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5701 B) ▸
    {"actor":"system:backfill","investigation_id":"04a3c621-dea2-4bc7-9c9c-5934edeaab4e","kind":"publish","page_slug":"hedgey","published_at":"2026-05-20T15:26:57.985Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Hedgey","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/hedgey/hedgey-exploit-post-mortem-784e9860fd8d"},{"credibility":3,"name":"","type":"other","url":"https://olympix.ai/blog/the-44m-hedgey-finance-exploit-what-went-wrong-and-how-olympix-could-have-prevented-it"},{"credibility":3,"name":"","type":"other","url":"https://www.anchorage.com/insights/anchorage-digital-launches-full-stack-token-management-solution-to-power-next-generation-protocol-growth"},{"credibility":3,"name":"","type":"other","url":"https://hacken.io/audits/hedgey-finance/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/hedgey/hedgey-exploit-post-mortem-784e9860fd8d"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/hedgey-finance-rekt"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-hedgey-finance-hack-april-2024"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/hedgey-protocol-44-million-exploit"},{"credibility":3,"name":"","type":"other","url":"https://thedefiant.io/news/defi/defi-protocol-hedgey-finance-suffers-usd44m-hack"},{"credibility":3,"name":"","type":"other","url":"https://immunebytes.com/blog/hedgey-finance-exploit-april-19-2024-detailed-analysis/"},{"credibility":3,"name":"","type":"other","url":"https://blog.cube3.ai/2024/04/19/hedgey-finance-hack-flashloan-cube3-postmortem-report/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/hedgey-finance-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/hedgey-finance-rekt"},{"credibility":3,"name":"","type":"other","url":"https://blog.cube3.ai/2024/04/19/hedgey-finance-hack-flashloan-cube3-postmortem-report/"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/hedgey-incurs-loss-in-crypto-hack/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/hedgey/hedgey-exploit-post-mortem-784e9860fd8d"},{"credibility":3,"name":"","type":"other","url":"https://crypto.news/hedgey-finance-hacked-for-44-7m-on-arbitrum-ethereum/"},{"credibility":3,"name":"","type":"other","url":"https://cryptobriefing.com/hedgey-finance-flash-loan-exploit/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-hedgey-finance-hack-april-2024"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/hedgey-finance-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://olympix.ai/blog/the-44m-hedgey-finance-exploit-what-went-wrong-and-how-olympix-could-have-prevented-it"},{"credibility":3,"name":"","type":"other","url":"https://www.anchorage.com/insights/anchorage-digital-launches-full-stack-token-management-solution-to-power-next-generation-protocol-growth"},{"credibility":3,"name":"","type":"other","url":"https://tracxn.com/d/insights/merger-acquisition-deals-brief/anchorage-digital-acquires-hedgey/__4KzVvRDuMqoyMDEVEi4vHYqWxSLLQwKCBLHGXoHoelE"}]}],"sources_used":[],"summary":"Hedgey is a token vesting, lockup, and claims protocol that served over 100 on-chain projects before suffering a critical smart contract exploit on April 19, 2024, resulting in the theft of approximately $44.7 million across Ethereum and Arbitrum. The vulnerability — a missing input validation check in the ClaimCampaigns.sol contract — was present despite two prior audits by ConsenSys Diligence. No confirmed recovery of stolen funds has been reported; Hedgey was subsequently acquired by Anchorage Digital in late 2025.","timeline":[{"date":"2023-06-01","event":"ConsenSys Diligence completes second audit of Hedgey contracts, including the re-audit commissioned for Arbitrum DAO onboarding; vulnerable ClaimCampaigns.sol flaw goes undetected.","source":""},{"date":"2024-04-19","event":"Exploit begins at ~07:06 UTC. Attacker uses $1.3M Balancer flash loan to abuse createLockedCampaign input validation gap in ClaimCampaigns.sol. $2.1M drained on Ethereum; $42.6M in BONUS tokens drained on Arbitrum. Secondary copycat attacker linked to Unizen exploit also strikes on Ethereum. Total loss: ~$44.7M.","source":""},{"date":"2024-04-19","event":"Hedgey team disables new claims creation, engages SEAL 911, contacts Gate.io and Bybit to freeze attacker-linked deposits, and sends on-chain message to attacker requesting return of funds.","source":""},{"date":"2024-04-19","event":"CUBE3.AI publishes postmortem confirming real-time detection of the malicious transaction; CertiK and Halborn publish independent on-chain analyses identifying attacker addresses and laundering behavior.","source":""},{"date":"2024-04-20","event":"Official post-mortem published by Hedgey team via Medium, confirming 23 of 60 active campaigns were impacted, vesting/lockup contracts were unaffected, and law enforcement coordination was underway.","source":""},{"date":"2025-12-16","event":"Anchorage Digital announces acquisition of Hedgey, integrating the token vesting tooling into a full-stack institutional token lifecycle management product. Deal terms undisclosed.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 96aca9dd-7278-474a-9995-4633a3944e73
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.