Lending Protocol Hundred Finance Falls Victim to $7.4M Optimism Security Breach

Hundred Finance, a decentralized application (dApp) that enables the lending and borrowing of cryptocurrencies, fell victim to a security breach executed through Ethereum Layer-2 blockchain Optimism security breach.

The company was first to alert its customer about the attack via Twitter on April 15th.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is a Smart Contract? (Explained with Animations)

SUBSCRIBE

ON YOUTUBE

It is worth noting that although, in the series of tweets, Hundred Finance did not reveal the reason behind the exploit, blockchain security firm CertiK came to help. The firm claims the exploit was a flash loan attack, where hackers take out uncollateralized loans from lending protocols to manipulate asset prices on decentralized finance (DeFi) platforms.

The attack on Hundred Finance involved the manipulation of the exchange rate between ERC-20 tokens and hTOKENS, which allowed the hacker to withdraw more tokens than initially deposited. CertiK further commented on the hack by stating:

The exchange rate formula was manipulated through Cash value. Cash is the amount of WBTC that the hBTC contract has. The attacker manipulated it by donating large amounts of WBTC to the hToken contract so that the exchange rate goes up.

Soon after CertiK shared its take on the exploit, Hundred Finance shared a tweet urging the community "not to speculate on how the attack was executed." The protocol asserted that its "team is preparing a post-mortem."

Moreover, the company claimed it had contacted the hacker while working with several security teams to address the issue.

This attack comes after a similar Hundred Finance exploit on the Gnosis Chain nearly a year ago, in which the protocol lost over $6 million due to a reentrancy attack. The same attacker also managed to steal funds from the Agave protocol during that exploit.

Flash loan attacks targeting DeFi protocols have become increasingly common. Notable examples include Euler Finance, which lost $196 million, and Mango Markets, which lost $46 million. While the hacker responsible for the Euler Finance attack returned most of the stolen funds, US authorities arrested the Mango Markets thief.

Gile K., Market Sentiment Analyst

Gile is a Market Sentiment Analyst who understands what public events may form what emotions. Her experience researching Web3 news and public market messages – including cryptocurrency news reports, PRs, and social network streams – is critical to her role in helping lead the Crypto News Editorial Team.
As an intelligent professional in public relations, together with the team, she aims to determine real VS fake news patterns, and bring her findings to anyone searching for unbiased news and events happening in the FinTech markets. Her expertise is uncovering the latest trustworthy & informative Web3 announcements to the masses.
When she's not researching the trustworthiness of mainstream stories, she spends time enjoying her terrace view and taking meticulous care of her outdoor environment.

Full Bio

All Expert Contributors & Analysts