Hacker Exploits Hundred Finance Protocol In $7.4 Million Heist

Hacker Exploits Hundred Finance Protocol In $7.4 Million Heist



The multi-chain lending protocol Hundred Finance disclosed Saturday that it lost around $7 million after being hacked on the Ethereum layer-2 blockchain Optimism.

The protocol team said it was preparing a post-mortem on how the attack took place, and it advised people not to speculate until it provides clarity via an official statement.

Additionally, Hundred Finance said it’s trying to establish a dialogue with the hacker in hopes of recovering some or all of the stolen funds. In a separate Tweet, Hundred Finance said it was also talking to different security teams about the incident.

In a chatroom on Hundred Finance’s discord server, a pseudonymous member of the Hundred Finance team named acidbird said the “hacker is not talking yet” but the team is working “on all possible scenarios.”

okex

Additionally, acidbird said that members of the Hundred Finance team have been “hit financially” by the attack, including one person that had all of their stablecoins on the protocol.

On Sunday, the protocol asked users impacted by the attack and based in the U.S., specifically the state of New York, to contact Hundred Finance on either Twitter or the messaging app Discord.

Hundred Finance first warned people on Twitter about the attack on Saturday, when the value of the protocol’s Hundred Finance token, HND, was around $0.0416, according to CoinGecko. Since then, it’s fallen around 46% to $0.0212.

The blockchain security firm CertiK broke down the attack on Twitter, explaining that the hacker was able to walk away with $7.4 million worth of digital assets after manipulating the exchange rate between Ethereum ERC-20 and hTOKENS.

hTOKENS are described as “interest-bearing, tokenized representations of user deposits” on Hundred Finance’s website, which can fluctuate in value depending on the activities of other borrowers.

The attack also involved wrapped Bitcoin, an Ethereum-based token that’s backed 1:1 by Bitcoin.

The attacker was able to withdraw more tokens than they had deposited to Hundred Finance, CertiK said. First, the attacker donated a large amount of wrapped Bitcoin to the smart contract on Hundred Finance that determined the exchange rate between wrapped Bitcoin and Hundred Finance Wrapped Bitcoin (hwBTC).

This inflated the exchange rate, after which the attacker took out a large loan and was then able to get the amount they had donated back by redeeming a relatively small amount of Hundred Finance Wrapped Bitcoin.

According to the Web-3 focussed security firm Numen Cyber Technology, the loss incurred by Hundred Finance comprises over 1,000 Ethereum, around 1.2 million of the stablecoin USDC, roughly 1.1 million of the stablecoin Tethern, and nearly 843,000 of the stablecoin DAI, among other tokens.

The hack sustained by Hundred Finance on Optimism comes just over a year after the protocol was hacked on Gnosis chain, a blockchain project that runs on top of the Ethereum network. That incident caused Hundred Finance to temporarily pause its markets across chains.

Stay on top of crypto news, get daily updates in your inbox.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest