The Hypernative platform flagged the malicious address used in the attack more than 22 hours before the first exploit
On April 17, 2025, Bitcoin Mission, a team using an incentive-based system to promote consensus propagation of Bitcoin, lost $1.3M in an exploit on Arbitrum. The Hypernative platform flagged the address involved in the attack as malicious 22 hours and 47 minutes before the execution.
The real story isn’t just that Hypernative flagged it early—it’s that this kind of exploit happens often, and shouldn’t still succeed. A standard Hypernative configuration would’ve prevented it, no drama, no headlines.
Dan Caspi
Co-founder & CTO
Hypernative
The exploit took advantage of a caller validation vulnerability in the OverPaper function of the protocol's Card Factory contract. This flaw allowed the hacker to withdraw a portion of the contract's balance each time it was exploited. The attack spanned 5 days and over 424 transactions.
The Hypernative platform accurately flagged the attacker's wallet as suspicious more than 22 hours before the first attack, when it was funded from Tornado Cash.
Funding from suspect or sanctioned origins raises a flag, but it is important to distinguish would-be-attackers from privacy enthusiasts. And an early-warning system is only useful if it combines a high rate of detection with a low false-positive rate. Hypernative Platform's suite of detection engines includes a real-time machine-learning pipeline that can classify contracts based solely on their bytecode, without relying on noisy markers like funding sources. The system
Reach out for a demo of Hypernative’s solutions, tune into Hypernative’s blog and our social channels to keep up with the latest on cybersecurity in Web3.
Secure everything you build, run and own in Web3 with Hypernative.
