Main page » Crypto News » DeFi Protocol Hundred Finance Loses $7M in Latest Exploit
Crypto News

DeFi Protocol Hundred Finance Loses $7M in Latest Exploit

DeFi Protocol SafeMoon Loses $8.9 Million in Bug Exploit

Hundred Finance, a multi-chain lending protocol, has been targeted in a security breach on the Optimism layer-2 scaling network, resulting in the theft of approximately $7 million worth of assets. The platform confirmed the exploit on April 15 and is currently negotiating with the hacker, while also working with various security teams to resolve the issue. Hundred Finance is urging anyone with information on the incident to come forward.

What Happened?

According to blockchain security firm Peckshield, the hacker executed the attack by donating 200 WBTC to inflate the exchange rate for hWBTC, allowing them to drain Hundred Finance’s lending pools with a tiny amount of hWBTC. CertiK, another security firm, suggests that the attacker manipulated the exchange rate between ERC-20 tokens and hTokens by donating large amounts of WBTC to the hToken contract to increase the exchange rate. The exploiter then opened a large borrow position under the new exchange rate, which allowed them to withdraw more tokens than they had initially deposited.

The protocol is currently preparing a post-mortem on how the exploit occurred and is advising people not to speculate on it, stating that the focus is to establish communications with the hacker to reach an agreement for a refund.

Not the First

This is not the first time Hundred Finance has been targeted by hackers. Last year, the platform suffered a reentrancy attack resulting in a loss of approximately $6.5 million worth of ETH to the hacker. Despite the exponential growth of the DeFi space, a pressing issue that looms large is the escalating security threats. Recent data from blockchain analytics platform Chainalysis reveals that DeFi protocols were hit the hardest in 2022, accounting for a staggering 82% of all stolen crypto assets, equivalent to $3.1 billion in losses.