Hundred Finance loses $7 million in Optimism hack

admin April 16, 2023April 16, 2023

[ad_1]

Multichain lending protocol Hundred Finance has skilled a major safety breach on the Ethereum layer-2 blockchain Optimism. Based on the protocol on Twitter, the losses sit at $7.4 million.

Hundred Finance announced the exploit on April 15, saying it had contacted the hacker and was working with varied safety groups on the incident. Though the protocol did not reveal how the assault was executed, blockchain safety agency Certik famous that it was a flash mortgage assault:

#CertiKSkynetAlert @HundredFinance’s attacker manipulated the trade fee between ERC-20 tokens and htokens which allowed them to withdraw extra tokens than they’d initially deposited. The estimated losses of this assault is round $7.4 million.

Keep vigilant! https://t.co/1hxAnFoNjj

— CertiK Alert (@CertiKAlert) April 15, 2023

Flash mortgage assaults happen when a hacker borrows a considerable amount of funds through a flash mortgage (a kind of uncollateralized mortgage) from a lending protocol. The hacker then combines it with different strategies to govern the worth of an asset on a decentralized finance (DeFi) platform.

In Hundred’s case, the attacker manipulated the trade fee between ERC-20 tokens and hTOKENS, permitting them to withdraw extra tokens than initially deposited, in line with Certik. The blockchain safety agency continued:

“The trade fee components was manipulated by means of Money worth. Money is the quantity of WBTC that the hBTC contract has. The attacker manipulated it by donating giant quantities of WBTC to the hToken contract in order that the trade fee goes up.”

Certik says that giant loans have been taken out below the manipulated trade fee. Hundred Finance is making ready a postmortem report on the incident.

This assault comes nearly practically 12 months after Hundred was exposed to another exploit on the Gnosis Chain. At the moment, the hacker drained all of the protocol’s liquidity by means of a re-entrancy assault. Over $6 million was misplaced. In the identical exploit, the hacker additionally stole funds from the Agave protocol.

Since final 12 months, numerous perpetrators have used flash mortgage assaults to focus on DeFi protocols. Current circumstances embody assaults in opposition to Euler Finance ($196 million) and Mango Markets ($46 million). Whereas Euler’s hack returned most of the funds, Mango’s thief has been arrested by United States authorities.

Magazine: Should crypto projects ever negotiate with hackers? Probably