Multichain lending protocol Hundred Finance has seen a serious safety breach on the Ethereum Layer 2 blockchain Optimism. Based on the go online Twitter, the losses quantity to $7.4 million.
Hundred funds announced the exploit on April 15, which mentioned it had contacted the hacker and was working with numerous safety groups on the incident. Though the log did not reveal how the assault was carried out, blockchain safety agency Certik decided that it was a flash mortgage assault:
#CertiKSkynetAlert @HundredFinanceThe attacker of manipulated the alternate fee between ERC-20 tokens and H tokens, which allowed him to withdraw extra tokens than he initially deposited. Estimated losses from this assault are round $7.4 million.
Keep alert! https://t.co/1hxAnFoNjj
— CertiK Alert (@CertiKAlert) April 15, 2023
Flash mortgage assaults happen when a hacker borrows a big amount of cash by way of a flash mortgage (a sort of unsecured mortgage) from a lending protocol. The hacker then combines it with different methods to govern the value of an asset on a decentralized finance (DeFi) platform.
In Hundred's case, the attacker manipulated the alternate fee between ERC-20 tokens and hTOKENS, permitting them to withdraw extra tokens than initially deposited, in line with Certik. The blockchain safety agency continued:
“The alternate fee method was manipulated by current worth. Money is the quantity of WBTC that the hBTC contract has. The attacker rigged it by donating giant quantities of WBTC to the hToken contract to make the alternate fee go up.”
Certik says giant loans have been taken out underneath the manipulated alternate fee. Hundred Finance is making ready an post-mortem report on the incident.
This assault comes nearly 12 months after Hundred confronted one other exploit within the Gnosis chain. At the moment, the hacker withdrew all liquidity from the protocol by a re-entry assault. Over $6 million was misplaced. In the identical exploit, the hacker additionally stole funds from the Agave protocol.
Since final yr, plenty of criminals have used flash credit score assaults to assault DeFi protocols. Latest instances embrace assaults on Euler Finance ($196 million) and Mango Markets ($46 million). Whereas Euler's hack returned many of the cash, Mango's thief was arrested by US authorities.
Journal: Ought to Crypto Tasks Ever Deal With Hackers? Most likely