Home Business Hundred Finance fell victim to hack and loses $7 million

Hundred Finance fell victim to hack and loses $7 million

Hundred Finance fell victim to hack and loses $7 million

Multichain lending protocol Hundred Finance has suffered a significant security breach on the Ethereum layer-2 blockchain Optimism, causing the protocol to suffer approximately $7.4 million in losses, so reported the protocol on Twitter.

It turned out to be a flash loan attack

Hundred Finance announced that it had fallen victim to an exploit and was working with the hacker and several security teams to address the incident. The protocol has not disclosed how the attack occurred, but blockchain security firm CertiK has stated that it was a payday loan attack.

In a flash loan attack, a hacker borrows a large amount of money through a type of uncollateralized loan from a lending protocol. Then the hacker uses this money to manipulate the price of an asset on a decentralized finance (DeFi) platform.

Exchange rate was manipulated

According to Certik, at Hundred, the attacker manipulated the exchange rate between ERC-20 tokens and hTOKENS, allowing more tokens to be withdrawn than originally deposited. The blockchain security company continued:

The exchange rate formula was manipulated using present value. Cash is the amount of WBTC that the hBTC contract has. The attacker manipulated it by donating large amounts of WBTC to the hToken contract so that the exchange rate goes up.

Certik reports that large loans were taken out at the manipulated exchange rate and that Hundred Finance was preparing an autopsy report on the incident.

Years ago there was another exploit on the platform

This attack comes nearly 12 months after Hundred was previously exposed to another exploit on the Gnosis Chain. In that exploit, the hacker drained all of the protocol’s liquidity through a re-entry attack and took over $6 million. In the same exploit, the hacker also stole money from the Agave protocol.

Since last year, several attackers have used flash loans to target DeFi protocols. Recent cases include attacks on Euler Finance ($196 million) and Mango Markets ($46 million). Although Euler’s hacker returned most of the money, Mango’s thief has been arrested by US authorities.

No Comments

Leave A Reply

Please enter your comment!
Please enter your name here

Exit mobile version