The hacker was able to withdraw more tokens than were initially deposited.
There appears to be a rising case of DeFi exploits and multichain lending protocol Hundred Finance may be the latest victim. According to a recent announcement by the protocol, attackers found a loophole to successfully manipulate the exchange rate between ERC-20 tokens and hTOKENS. And as a result, the attacker has reportedly made away with no less than $7.4 million from the protocol.
Meanwhile, it might be worth noting that this is the second time in as many years that Hundred Finance has been hacked. Last year, the protocol and Agave were victims of a reentrancy attack on Gnosis Chain that saw both platforms losing a joint $11 million.
Hundred Finance Seeks Resolution of DeFi Exploit
According to Hundred Finance, it has already begun efforts to recover the stolen funds. The lender says it has reached out to the yet-to-be-identified hacker and advises anyone with information that could lead to the recovery of the stolen funds to come forward. It also urges the hacker to come to a negotiation table as soon as possible. One of its most recent tweets reads:
“Once again we hope the hacker will reach out back to us and we will be able to find a joint solution to resolve this matter.”
Hundred Finance has also partnered with some security firms to explore how the attack came to be and also to forestall similar occurrences in the future.
As confirmed by blockchain security firm Certik, the incident was indeed a flash loan attack. Certik says the hacker was able to withdraw more tokens than they originally deposited, after manipulating the exchange rate between ERC-20 tokens and hTOKENS.
Flash Loan Attacks: A Growing Menace in DeFi
It is noteworthy that Heaven Finance’s $7.4 million loss is only further proof that the decentralized finance (DeFi) space is still under serious attack. Over the years, there has been an endless list of similar incidents across the space. And despite a slow start in the year running, DeFi hacks and losses have somehow picked up steam again.
Recall that in March, Euler Finance was hacked and the attack saw it suffer losses of nearly $196 million. Although Euler recovered most of its funds, several other DeFi protocols have also been exploited this month. They include Allbridge, Sentiment, and Yearn Finance, among others.
Mayowa is a crypto enthusiast/writer whose conversational character is quite evident in his style of writing. He strongly believes in the potential of digital assets and takes every opportunity to reiterate this.
He’s a reader, a researcher, an astute speaker, and also a budding entrepreneur.
Away from crypto however, Mayowa’s fancied distractions include soccer or discussing world politics.