The multi-chain lending protocol Hundred Finance has experienced a major security breach on the Ethereum layer 2 Optimism blockchain. The protocol tweeted that the losses amount to $7.4 million.
hundred finance Announced the exploit on April 15, saying that it had contacted the hacker and was working with various security teams on the incident. Although the protocol did not disclose how the attack was executed, blockchain security firm CertiK said it was a hit-and-run attack:
#AlertCertiKSkynet @CienFinanzasThe attacker manipulated the exchange rate between ERC-20 tokens and htokens, allowing them to withdraw more tokens than they had originally deposited. Estimated losses from this attack are around $7.4 million.
Keep alert! https://t.co/1hxAnFoNjj
— CertiK Alert (@CertiKAlert) April 15, 2023
Quick loan attacks involve a hacker borrowing a large amount of funds through an unsecured loan type of a lending protocol. The hacker then uses these funds to manipulate the price of an asset on a decentralized finance (DeFi) platform.
In the Hundred case, the attacker manipulated the exchange rate between ERC-20 tokens and hTOKENS, allowing them to withdraw more tokens than originally deposited, according to Certik. The blockchain security firm continued:
“The exchange rate formula was manipulated through the cash value. Cash is the amount of WBTC that the hBTC contract has. The attacker manipulated it by donating large amounts of WBTC to the hToken contract to make the exchange rate go up.”
Certik says large loans were taken under the manipulated exchange rate. Hundred Finance was preparing a postmortem report on the incident.
This attack comes almost 12 months after Hundred was exposed to another exploit on the Gnosis Chain. At that time, the hacker drained all of the protocol’s liquidity via a re-entry attack, taking over $6 million. In the same exploit, the hacker also stole funds from the Agave protocol.
Since last year, various perpetrators have used quick lending attacks to target DeFi protocols. Recent cases include attacks against Euler Finance ($196 million) and Mango Markets ($46 million). While the Euler hacker returned most of the funds, the Mango thief has been arrested by US authorities.
Magazine: Should Crypto Projects Ever Deal With Hackers? Probably
This post Hundred Finance loses $7 million in Optimism hack
was published first on https://cointelegraph.com/news/hundred-finance-loses-7-million-in-optimism-hack