Hegic(old contract)

2020-02-20

Hegic protocol announced on EthResearch forum by anonymous developer Molly Wintermute.

2020-04-01

Trail of Bits conducts a 3-day code review of Hegic, identifying 10 critical flaws and recommending delayed deployment.

2020-04-23

Hegic v1 deployed to Ethereum mainnet despite Trail of Bits warnings; only a subset of identified critical flaws were patched.

2020-04-24

Critical bug discovered: a missing 's' in the function identifier 'OptionIDs' (should be 'OptionsIDs') permanently locks approximately $28,000–$48,000 in user ETH and DAI. Protocol taken offline.

2020-04-26

Hegic issues public apology retracting the 'typo' characterization and acknowledging a bug. Trail of Bits CEO Dan Guido publicly states the error would have been caught by basic unit testing and that Hegic misrepresented their code review as an 'audit.'

2020-05-01

New corrected Hegic contract deployed to mainnet. Affected users reimbursed 100% from Wintermute's personal and contributor funds.

2020-09-09

HEGIC governance token launched on Ethereum via bonding curve.

2020-10-01

Hegic v888 beta mainnet launched, supporting ETH and WBTC call and put options with staking and liquidity mining.

2022-01-04

Hegic deploys a WBTC Puts Pool contract (later described as a test/staging contract). The deployer address sends 1.1 WBTC to the contract; the contract is never formally decommissioned.

2022-10-01

Hegic deploys its current architecture, superseding prior contract versions.

2025-02-23

Attacker exploits the deprecated January 2022 WBTC Puts Pool contract via the `withdrawWithoutHedge` function, draining 1.1 WBTC (~$80,000). Incident flagged by BlockSec.

2025-02-28

Hegic publishes security report via Discord; confirms current architecture unaffected; announces bug bounty program.