Multi-chain lending protocol Hundred Finance has suffered a security breach on the Optimism layer-2 scaling network, which resulted in the theft of approximately $7 million worth of assets.
On April 15, Hundred Finance verified the vulnerability, saying that it had contacted the hacker for discussions. The platform is also collaborating with other security teams to tackle the issue, and anyone with knowledge on the event is encouraged to contact them.
The hacker carried out the assault by giving 200 WBTC to increase the exchange rate for hWBTC, according to blockchain security firm Peckshield. With a little quantity of hWBTC, they were able to deplete Hundred Finance’s lending pools.
According to CertiK, the attacker altered the exchange rate between ERC-20 tokens and hTokens by giving huge sums of WBTC to the hToken contract in order to boost the exchange rate. The exploiter then launched a huge borrow position at the increased exchange rate, allowing them to withdraw more tokens than they had put initially.
The protocol stated that it is preparing a post-mortem on how the vulnerability occurred and warned users not to speculate. The team claimed that the priority is to communicate with the hacker in order to achieve an agreement for a reimbursement.
Not the First Rodeo for Hundred Finance
It is worth mentioning that this is not the first time Hundred Finance has been compromised. Last year, the protocol was subjected to a reentrancy attack, which cost the exploiter around $6.5 million in ETH.
Despite the exponential development of the DeFi industry, growing security concerns remain a major concern. According to recent statistics from blockchain analytics company Chainalysis, DeFi protocols were the heaviest impacted in 2022, accounting for a stunning 82% of all stolen crypto assets, amounting to a staggering $3.1 billion in damages.