Multichain lending protocol using DeFi On the Ethereum layer-2 blockchain Optimism, Hundred Finance experienced a hack attempt and lost assets worth over $7.4 million.
It looks that Hundred got hacked on #Optimism. We will update when there is more information to it.
— Hundred Finance (@HundredFinance) April 15, 2023
Blockchain security analytics firm Cetrik reported that the Hundred Finance hacker exploited the exchange rate between ERC-20 tokens and hTokens, enabling them to withdraw more tokens than they had initially deposited.
“Cash value was used to manipulate the exchange rate formula. The amount of WBTC that the hBTC contract contains is called cash. In order to increase the exchange rate, the attacker manipulated it by making significant WBTC donations to the hToken contract, Certik continued.
The estimated loss of Hundred Finance was reported by security company Numen Cyber Technology as follows: 0.058 WBTC, 20,854 SNX, 1,265,978 USDC, 842,788 DAI, 1,113,430 USDT, 865,142 USDs, 457,286 FRAX, and 1,030 ETH.
🚨 We have detected that @HundredFinance on #Optimism has been hacked, resulting in a loss ~1030 ETH (approx US$2.16 mil)
Tx: https://t.co/AoEMqlw4dYhttps://t.co/cv78fLbtC9 https://t.co/EYF9gwWz3k pic.twitter.com/4kUjiNgYUy
— NumenAlert Ⓝ (@NumenAlert) April 15, 2023
In order to address the incident, Hundred Finance has revealed that it has contacted the hacker and is currently working with security teams. The DeFi protocol has warned the community against making assumptions about the attack’s specifics while the team is still gathering information for a post-mortem analysis of the incident.
“Once again, we hope the hacker will reach out to us and we will be able to find a joint solution to resolve this matter,” tweeted Hundred Finance.
This month has seen a spike in hacks, with security breaches on many crypto platforms. Recent hacking of MetaMask’s third-party provider has raised questions about ongoing security flaws on these platforms that are luring hackers.
Crypto platforms must immediately improve their security protocols or else the community will inevitably suffer.
Compiled by Coinbold