A new hack shakes up DeFi – This time it’s on the Ethereum second layer network Optimism that the case happened. The crypto lending platform Hundred Finance to undergo a hack big this weekend.
Flaw in the Hundred Finance protocol: the hacker takes 7 million
A little over a year after a first hack who had stolen from him a little more than 11 million dollars, again for the Hundred Finance crypto loan service. This lending platform, deployed on Optimism, layer 2 of Ethereum, has just undergone a second hack on April 15.
“The current estimated loss is approximately $7 million.
Once again, we hope that the hacker will contact us and that we will be able to find a compromise in order to solve this problem.
Thank you all for your support and help during these difficult times. »
Hundred Finance is currently working with its security teams to analyze the origin of the hack. According to the analysis company Certikthe attacker would have taken advantage of a fault in the protocol. More precisely, it would have exploited the conversion ratio between the tokens at standard ERC-20 on Ethereum and the htokens. The latter are supposed to be equivalent tokens distributed by the protocol itself, Hundred Finance.
“The Hundred Finance attacker manipulated the conversion ratio between ERC-20 tokens and htokens, which allowed him to withdraw more tokens than he initially deposited. The estimated loss via this attack is around 7.4 million [de dollars].
Be careful. »
>> Need to store your cryptocurrency safely? Ledger offers you $20 in BTC for the purchase of a Nano S Plus key (commercial link) <<
DeFi: a world under construction, a playground for hackers
This type attack « flash loan » allows the hacker to recover more funds than they deposit. In fact, he can thus empty the coffers of a protocol if he is not blocked in time. The attacker allegedly used the stolen funds to manipulate the price of an asset within the DeFi (centralized finance).
“The exchange’s conversion formulas would have been manipulated through the ‘Cash’ value. ‘Cash’ is the amount of WBTC contained within the hBTC smart contract. The attacker allegedly manipulated him into supplying large amounts of WBTC to the hBTC contract in order to drive up the exchange’s conversion rate. »
Via this artificially boosted conversion rate, the hacker could thus have withdrawn from the exchange amounts much higher than those deposited.
In the certainly innovative environment of DeFi, but in full construction, the hacks are legion. I’year 2022particularly well supplied disasters of this type, is the perfect example. However, it is today’s challenges and difficulties that will allow tomorrow to build this finance of the future. They are the breeding ground for robust protocols that will hopefully allow us to enjoy newfound financial freedom, in a world where the banks’ control over our money tends to strengthen.
In crypto, do not economize on caution! So, to keep your crypto assets safe, the best solution is still a personal hardware wallet. Cherry on the cake, Ledger offers you $30 in BTC for buying a Nano X and $20 for a Nano S Plus. Do not wait to put your capital in safety (commercial link)!