2 years ago
The attacker reportedly manipulated the speech complaint betwixt ERC-20 tokens and hTOKENS to bargain implicit $7 cardinal from the protocol.
34 Total views
1 Total shares
Own this portion of past
Collect this nonfiction arsenic an NFT
Multichain lending protocol Hundred Finance has experienced a important information breach connected the Ethereum layer-2 blockchain Optimism. According to the protocol connected Twitter, the losses beryllium astatine $7.4 million.
Hundred Finance announced the exploit connected April 15, saying it had contacted the hacker and was moving with assorted information teams connected the incident. Although the protocol didn't uncover however the onslaught was executed, blockchain information steadfast Certik noted that it was a flash indebtedness attack:
#CertiKSkynetAlert @HundredFinance’s attacker manipulated the speech complaint betwixt ERC-20 tokens and htokens which allowed them to retreat much tokens than they had primitively deposited. The estimated losses of this onslaught is astir $7.4 million.
Stay vigilant! https://t.co/1hxAnFoNjj
Flash indebtedness attacks instrumentality spot erstwhile a hacker borrows a ample magnitude of funds via a flash indebtedness (a benignant of uncollateralized loan) from a lending protocol. The hacker past combines it with different techniques to manipulate the terms of an plus connected a decentralized concern (DeFi) platform.
In Hundred's case, the attacker manipulated the speech complaint betwixt ERC-20 tokens and hTOKENS, allowing them to retreat much tokens than primitively deposited, according to Certik. The blockchain information steadfast continued:
"The speech complaint look was manipulated done Cash value. Cash is the magnitude of WBTC that the hBTC declaration has. The attacker manipulated it by donating ample amounts of WBTC to the hToken declaration truthful that the speech complaint goes up."Certik says that ample loans were taken retired nether the manipulated speech rate. Hundred Finance is preparing a postmortem study connected the incident.
This onslaught comes astir astir 12 months aft Hundred was exposed to different exploit connected the Gnosis Chain. At that time, the hacker drained each the protocol's liquidity done a re-entrancy attack. Over $6 cardinal was lost. In the aforesaid exploit, the hacker besides stole funds from the Agave protocol.
Since past year, a fig of perpetrators person utilized flash indebtedness attacks to people DeFi protocols. Recent cases see attacks against Euler Finance ($196 million) and Mango Markets ($46 million). While Euler's hack returned astir of the funds, Mango's thief has been arrested by United States authorities.
Magazine: Should crypto projects ever negociate with hackers? Probably
English (US) 