Multichain lending protocol Hundred Finance has experienced a significant security breach on the Ethereum layer-2 blockchain Optimism. According to the protocol on Twitter, the losses sit at $7.4 million.
Hundred Finance announced the exploit on April 15, saying it had contacted the hacker and was working with various security teams on the incident. Although the protocol didn't reveal how the attack was executed, blockchain security firm Certik noted that it was a flash loan attack:
#CertiKSkynetAlert @HundredFinance’s attacker manipulated the exchange rate between ERC-20 tokens and htokens which allowed them to withdraw more tokens than they had originally deposited. The estimated losses of this attack is around $7.4 million. Stay vigilant! https://t.co/1hxAnFoNjj
Flash loan attacks take place when a hacker borrows a large amount of funds via a flash loan (a type of uncollateralized loan) from a lending protocol. The hacker then combines it with other techniques to manipulate the price of an asset on a decentralized finance (DeFi) platform.
In Hundred's case, the attacker manipulated the exchange rate between ERC-20 tokens and hTOKENS, allowing them to withdraw more tokens than originally deposited, according to Certik. The blockchain security firm continued:
Certik says that large loans were taken out under the manipulated exchange rate. Hundred Finance is preparing a postmortem report on the incident.
This attack comes almost nearly 12 months after Hundred was exposed to another exploit on the Gnosis Chain. At that time, the hacker drained all the protocol's liquidity through a re-entrancy attack. Over $6 million was lost. In the same exploit, the hacker also stole funds from the Agave protocol.
Since last year, a number
Read more on cointelegraph.com