Multichain lending protocol, Hundred Finance, was hacked on Ethereum’s layer-2 scaling solution, Optimism, resulting in a loss of approximately $7.4m.
Hundred Finance hacked
On April 15, the DeFi platform announced that it had contacted the hacker and collaborated with many security teams. The protocol also requested anyone with information to get in touch.
This is not the first time Hundred Finance is being hacked.
In 2022, a reentrancy assault on Gnosis chain used Hundred Finance and Agave as tools. The two platforms at the time lost $11m.
The well-known Compound protocol’s fork, Hundred, has been implemented on several blockchains.
Peckshield claims that the hacker donated 200 WBTC, a stablecoin pegged to bitcoin; to increase the the protocol’s derivative, hWBTC. This allowed the loan pools to be drained using only a small quantity of hWBTC, resulting in losses.
Peckshield and CertiK, another blockchain security company, supported the results.
According to CertiK, the attacker modified the rate at which ERC-20 tokens and htokens are exchanged. The hacker raised the exchange rate by contributing a significant sum of WBTC to the htoken contract.
Later, the attacker took advantage of that rate to borrow significant money at the new exchange rate and then redeemed their initial investment. Hundred suffered a loss of $7.4m due to the hack.
In the meantime, Numen Cyber claimed to lose 1,030 ethereum (ETH) worth over $2m.
The Hundred Finance team told its members earlier today to cease guessing about how the attack took place. According to the procedure, its major goal is to get in touch with the attacker and come to an understanding.
2023 DeFi Hacks
This incident adds to the mounting total of damages from hacking in 2023 and serves as a reminder of the dangers of decentralized finance (DeFi). There have been several hacks in the last few weeks following the exploit of Euler Finance attack in March.
In the first two weeks of April, vulnerabilities in DeFi protocols such as Allbridge, Sentiment, and Yearn Finance were exploited. More than $20m was lost due to these hacks, according to research conducted by DeFiLlama.