Hundred Finance, a multi-chain lending protocol, announced on Saturday that it lost around $7.4 million in a hack on the Ethereum Optimism layer-2 blockchain. It’s unclear how the attack took place, and the protocol has advised people not to speculate until they release an official statement. Hundred Finance is working on a post-mortem report on the attack and has said it is trying to establish a dialogue with the hacker in hopes of recovering the stolen funds. In addition, the firm has asked users based in the US, specifically New York, to contact them if they have been affected by the attack.
It looks that Hundred got hacked on #Optimism. We will update when there is more information to it.— Hundred Finance (@HundredFinance) April 15, 2023
The attack involved wrapped Bitcoin, Ethereum-based tokens that are backed 1:1 by Bitcoin. The hacker donated a large amount of wrapped Bitcoin to the smart contract on Hundred Finance, which determined the exchange rate between wrapped Bitcoin and Hundred Finance Wrapped Bitcoin. This inflated the exchange rate, after which the attacker took out a large loan and then redeemed a relatively small amount of Hundred Finance Wrapped Bitcoin.
#CertiKSkynetAlert 🚨@HundredFinance’s attacker manipulated the exchange rate between ERC-20 tokens and htokens which allowed them to withdraw more tokens than they had originally deposited. The estimated losses of this attack is around $7.4 million.— CertiK Alert (@CertiKAlert) April 15, 2023
Stay vigilant! https://t.co/1hxAnFoNjj
Following the attack, the value of Hundred Finance token, HND, fell 46% to $0.0212. Hundred Finance has also been in talks with various security teams about the incident. This is the second time Hundred Finance has been hacked, with the first incident occurring in 2022, causing the protocol to temporarily pause its markets across chains.
According to Hundred Finance, the lending protocol is still in its early stages of development and is designed to enable crypto lending and borrowing across multiple chains with a focus on simplicity and low fees. However, the attack has left many wondering whether the protocol’s security measures are robust enough to prevent future attacks.
The attack on Hundred Finance is the latest in a series of high-profile hacks in the crypto world. Earlier this year, the decentralized finance (DeFi) protocol Alpha Homora lost over $37 million in a hack. In 2022, the decentralized exchange (DEX) Sushiswap was hacked for $14 million.
These incidents highlight the importance of security in the crypto industry and the need for developers to continuously improve their security measures to stay ahead of hackers. As the crypto industry continues to grow, security concerns will likely remain a top priority for developers and users alike.
In the meantime, Hundred Finance is working to recover from the attack and regain the trust of its users. The protocol’s team is conducting a post-mortem to determine the root cause of the attack and is working with security experts to prevent future attacks.
Overall, the hack on Hundred Finance serves as a reminder that even the most innovative and promising projects in the crypto industry are not immune to security breaches. As the industry continues to evolve, it is critical for developers and users to prioritize security and take proactive measures to protect themselves and their assets.
This is not the first time that Hundred Finance has been targeted by hackers. In March 2022, the protocol was hacked on the Gnosis chain, which is a blockchain project that runs on top of the Ethereum network. The hack caused Hundred Finance to temporarily pause its markets across chains.
Unfortunately Hundred and Agave have both been exploited on Gnosis chain today. Gnosis team is aware, investigation is ongoing.— Hundred Finance (@HundredFinance) March 15, 2022
All the Hundred markets on all chains paused for now.
These are the two transactions:
It is not clear if the same attackers were involved in both the Gnosis chain and Optimism attacks. In the wake of this latest heist, the protocol is now facing a major challenge in regaining users’ trust, as it seeks to reassure them that their funds are safe with them.
The multi-chain lending protocol is still in its early stages, having been launched in 2021, and is relatively unknown. However, it is now faced with a major setback in its growth, and it remains to be seen how it will recover from this incident.
Meanwhile, this latest attack on a crypto platform highlights the need for stronger security measures to protect against such threats. It is also a reminder of the importance of transparency and communication in the crypto industry, as users need to be kept informed about any breaches in security and the steps being taken to address them.
The hack on Hundred Finance is also a warning to other DeFi protocols and platforms, which need to remain vigilant in their security efforts and take proactive measures to protect their users from potential threats. As the crypto industry continues to grow and evolve, it is likely that attacks such as this will become more common, making it essential for companies to be prepared and proactive in their security measures.
The hack on Hundred Finance is a major blow to the platform and a warning to the wider crypto industry about the risks of cyber attacks. It is now up to the protocol team to demonstrate that they are taking the necessary steps to address the issue and restore users’ confidence in the platform.