Multichain lending protocol Hundred Finance got hacked on Ethereum layer2 scaling solution Optimism, leading to a loss of about $7 million.
The DeFi platform confirmed the exploit on April 15, stating that it has contacted the hacker and is currently working with various security teams. The protocol further urged anyone who could help with information to reach out.
“Once again we hope the hacker will reach out back to us and we will be able to find a joint solution to resolve this matter,” the team tweeted.
Meanwhile, this is not the first time Hundred Finance has been hacked. In 2022, Hundred Finance and Agave were exploited in a reentrancy attack on Gnosis Chain. At the time, the two platforms lost $11 million.
Hundred is a fork of the popular Compound protocol and has been deployed on several blockchains.
How Was Hundred Finance Hacked?
According to Peckshield, the hacker stole the funds by donating 200 WBTC to inflate the exchange rate for hWBTC. This made it possible to drain the lending pools with a tiny amount of hWBTC.
Another blockchain security firm Certik corroborated Peckshield’s finding. Certik wrote that the attacker manipulated the exchange rate between ERC-20 tokens and htokens. By donating a large amount of WBTC to htoken contract, the hacker caused the exchange rate to rise.
The attacker later capitalized on that rate to take a large borrow position under the new exchange rate and redeemed the initial amount they deposited. The hack resulted in a $7.4 million loss for Hundred.
Meanwhile, Numen Cyber reported a loss of 1030 ETH valued at over $2 million.
Earlier today, the Hundred Finance team advised its community to stop speculating on how the attack happened. The protocol wrote that its main focus is to contact the attacker and reach an agreement.
“In parallel we are gathering all information available in order to have that handy for possible further steps”
DeFi Hacks in 2023
This incident further highlights the risks of DeFi and adds to the growing tally of losses from hacks in 2023. After a relatively quiet start to the year, DeFi hacks have picked up steam in the past few weeks, starting with Euler Finance hack in March.
DeFi protocols like Allbridge, Sentiment, and Yearn Finance were exploited during the first two weeks of April. According to DeFillama data, these hacks resulted in more than $20 million in losses.
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.
Leave a Reply