Multi-chain lending protocol Hundred Finance has suffered a security breach on the Optimism layer-2 scaling network, which resulted in the theft of approximately $7 million worth of assets.
hundred finance confirmed the exploit on April 15, noting that it had contacted the hacker for negotiations. The platform is also working with different security teams to resolve the issue and has urged anyone with information on the incident to reach out.
Estimated current loss is ~7m USD.
Once again we hope the hacker will reach out back to us and we will be able to find a joint solution to resolve this matter. 🙏
Thank you everyone for your support and help during these difficult times. ❤️ https://t.co/wLGAl4AAGA
— Hundred Finance (@HundredFinance) April 15, 2023
According to blockchain security firm Peckshield, the hacker executed the attack by donating 200 WBTC to inflate the exchange rate for hWBTC. This allowed them to drain Hundred Finance’s lending pools with a tiny amount of hWBTC.
A detailed analysis from another security firm CertiK suggests that the attacker manipulated the exchange rate between ERC-20 tokens and hTokens by donating large amounts of WBTC to the hToken contract to increase the exchange rate.
The exploiter then opened a large borrow position under the new exchange rate, which allowed them to withdraw more tokens than they had initially deposited.
The protocol said it is preparing a post-mortem on how the exploit occurred and advised people not to speculate on it. The team stated that the focus is to establish communications with the hacker to reach an agreement for a refund.
We advise not to speculate on how the attack was executed, team is preparing a post mortem.
Main focus is to establish coms with hacker, reach an agreement.
In parallel we are gathering all information available in order to have that handy for possible further steps.
— Hundred Finance (@HundredFinance) April 16, 2023
Not the First
Worth noting is that this is not the first time Hundred Finance has been hacked. Last year, the protocol suffered a reentrancy attacklosing roughly $6.5 million worth of ETH to the exploiter.
Despite the exponential growth of the DeFi space, a pressing issue that looms large is the escalating security threats. Recent data from blockchain analytics platform Chainalysis reveals that in 2022, DeFi protocols were hit the hardest, accounting for a staggering 82% of all stolen crypto assets, equivalent to a staggering $3.1 billion in losses.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.