Hundred Finance loses $7 million in Optimism hack

0
78
Hundred Finance loses  million in Optimism hack



Multichain lending protocol Hundred Finance has skilled a major safety breach on the Ethereum layer-2 blockchain Optimism. Based on the protocol on Twitter, the losses sit at $7.4 million.

Hundred Finance introduced the exploit on April 15, saying it had contacted the hacker and was working with varied safety groups on the incident. Though the protocol did not reveal how the assault was executed, blockchain safety agency Certik famous that it was a flash mortgage assault:

Flash mortgage assaults happen when a hacker borrows a considerable amount of funds through a flash mortgage (a sort of uncollateralized mortgage) from a lending protocol. The hacker then combines it with different methods to control the worth of an asset on a decentralized finance (DeFi) platform. 

In Hundred’s case, the attacker manipulated the alternate fee between ERC-20 tokens and hTOKENS, permitting them to withdraw extra tokens than initially deposited, in keeping with Certik. The blockchain safety agency continued:

“The alternate fee system was manipulated by Money worth. Money is the quantity of WBTC that the hBTC contract has. The attacker manipulated it by donating massive quantities of WBTC to the hToken contract in order that the alternate fee goes up.”

Certik says that enormous loans had been taken out beneath the manipulated alternate fee. Hundred Finance is getting ready a postmortem report on the incident.

This assault comes virtually practically 12 months after Hundred was uncovered to a different exploit on the Gnosis Chain. At the moment, the hacker drained all of the protocol’s liquidity by a re-entrancy assault. Over $6 million was misplaced. In the identical exploit, the hacker additionally stole funds from the Agave protocol.

Since final 12 months, quite a lot of perpetrators have used flash mortgage assaults to focus on DeFi protocols. Current instances embody assaults in opposition to Euler Finance ($196 million) and Mango Markets ($46 million). Whereas Euler’s hack returned a lot of the funds, Mango’s thief has been arrested by United States authorities.

Journal: Ought to crypto tasks ever negotiate with hackers? In all probability