A hacker has made off with approximately $11 million in Wrapped ETH, Wrapped BTC, Chainlink, USDC, Gnosis, and Wrapped XDAI after using a “re-entrancy” attack on DeFi lending protocol applications Agave and Hundred Finance.
The attack comes within 24 hours of news breaking of the Deus Finance exploit, where hackers stole over $3 million in Dai and Ethereum from the lending contract platform.
Agave’s token, AGVE, dropped by 20 per cent following the attack, according to data from CoinGecko. Hundred Finances’ token HND fell 3.5 per cent after it announced the exploit, however it’s since recovered to hit a 24-hour-high.
“Agave is currently investigating an exploit on the agave finance protocol”, Agave tweeted on Tuesday 15th at 1:30pm UTC, “We will update you as soon as we know more.” It noted that the contracts have been paused until the situation is resolved.
The Hundred Finance team also tweeted it was exploited on Gnosis chain, and has paused its markets whilst it pursued investigations.
According to on-chain analysis, the address associated with the attacker has sent over 2,100 ETH, worth over $5.5 million, to a crypto mixer in an attempt to launder the stolen tokens.
Related:Deus Finance exploit: Hackers get away with $3M worth of DAI and Ether
Solidity developer and creator of an NFT liquidity protocol app, Shegen (@shegenerates) tweeted that she lost $225,000 in the exploit, and that her investigations revealed the attack worked by exploiting a wETH contract function on Gnosis Chain that allowed the attacker to continue borrowing crypto before the apps could calculate the debt, which would prevent further borrowing.
The attacker ran this exploit, continually borrowing against the same collateral they were posting until the
Read more on cointelegraph.com