Malicious actors continue to profit from vulnerabilities found in crypto-related firms.
Hundred Finance, a decentralized application (dApp) that enables the lending and borrowing of cryptocurrencies, fell victim to a security breach executed through the Ethereum Layer-2 blockchain Optimism.
The company was the first to alert its customers about the attack via Twitter on April 15th.
Although Hundred Finance did not reveal the reason behind the exploit in its series of tweets, blockchain security firm CertiK weighed in. The firm claims the exploit was a flash loan attack, in which hackers take out uncollateralized loans from lending protocols to manipulate asset prices on decentralized finance (DeFi) platforms.
The attack on Hundred Finance involved the manipulation of the exchange rate between ERC-20 tokens and hTOKENS, which allowed the hacker to withdraw more tokens than initially deposited. CertiK further commented on the hack by stating:
"The exchange rate formula was manipulated through Cash value. Cash is the amount of WBTC that the hBTC contract has. The attacker manipulated it by donating large amounts of WBTC to the hToken contract so that the exchange rate goes up."
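The dependency CertiK describes can be modeled to show why a mitigation works. This is an added example, not code from Hundred Finance or CertiK. It assumes a Compound-style formula, (cash + borrows - reserves) / total supply, which the article does not spell out, and every name and number in it is constructed. It compares a market that reads Cash from its live token balance with one that tracks Cash internally.

```python
from dataclasses import dataclass

SCALE = 10**18          # fixed-point scale for the exchange rate
INITIAL_RATE = SCALE    # constructed starting rate used while supply is zero

@dataclass
class Market:
    """Toy lending market; formula and values are assumptions for illustration."""
    track_cash_internally: bool
    token_balance: int = 0   # what the underlying token reports for the contract
    tracked_cash: int = 0    # updated only by mint()
    borrows: int = 0
    reserves: int = 0
    total_supply: int = 0    # hToken shares outstanding

    def cash(self) -> int:
        # The design choice under test: live balance vs. internal accounting.
        return self.tracked_cash if self.track_cash_internally else self.token_balance

    def exchange_rate(self) -> int:
        if self.total_supply == 0:
            return INITIAL_RATE
        return (self.cash() + self.borrows - self.reserves) * SCALE // self.total_supply

    def mint(self, amount: int) -> int:
        shares = amount * SCALE // self.exchange_rate()
        self.token_balance += amount
        self.tracked_cash += amount
        self.total_supply += shares
        return shares

    def direct_transfer(self, amount: int) -> None:
        # Tokens sent straight to the contract address, bypassing mint().
        self.token_balance += amount

    def unaccounted_cash(self) -> int:
        # Monitoring signal: balance that no mint explains.
        return self.token_balance - self.tracked_cash

def rate_after_donation(track_internally: bool, deposit: int, donation: int) -> int:
    """Exchange rate after one deposit followed by a direct token transfer."""
    m = Market(track_cash_internally=track_internally)
    m.mint(deposit)
    m.direct_transfer(donation)
    return m.exchange_rate()
```

With Cash tracked internally the rate ignores the transfer, and a non-zero `unaccounted_cash()` gives monitoring a value to alert on.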
Soon after CertiK shared its take on the exploit, Hundred Finance shared a tweet urging the community "not to speculate on how the attack was executed." The protocol asserted that its "team is preparing a post-mortem."
Moreover, the company claimed it had contacted the hacker while working with several security teams to address the issue.
This attack comes after a similar Hundred Finance exploit on the Gnosis Chain nearly a year ago, in which the protocol lost over $6 million due to a reentrancy attack. The same attacker also managed to steal funds from the Agave protocol during that exploit.
Flash loan attacks targeting DeFi protocols have become increasingly common. Notable examples include Euler Finance, which lost $196 million, and Mango Markets, which lost $46 million. While the hacker responsible for the Euler Finance attack returned most of the stolen funds, US authorities arrested the Mango Markets thief.