A hacker carried out a $7 million hacking attack on Hundred Finance’s DeFi protocol by manipulating the price of hWBTC tokens and emptying pools.
The attack was targeted at pools on Optimism’s L2 network, and Hundred Finance suffered a loss of $7 million. The creators of the DeFi protocol acknowledged the exploit on April 15th and stated that they have begun an investigation into the issue with several security teams.
They also mentioned that the hacker had already come forward, and the project team posted on Twitter that they hoped to work with the hacker to find a solution to the problem.
This is not the first time that the protocol has been compromised. In 2022, a reentry attack on Gnosis Chain occurred, which harmed Hundred Finance and Agave. The total damage sustained was $11 million.
A hacker manipulated the hWBTC token’s price
The hacker manipulated the hWBTC token’s price by providing 200 WBTC to raise the price of hWBTC, open up a sizable position at the higher price, and buy back the initial deposit, depleting the credit pools using just a small quantity of 2 Wei. Certik, a blockchain security company, backed Peckshield’s results and estimated the damage at roughly $7.4 million.
DeFi protocols are still the main target for criminals
Hackers continue to focus on DeFi protocols, with 99.6% of attacks in the first fiscal quarter of 2023 directed towards DeFi platforms. This demonstrates the attackers’ continued ability to hack these systems. In March alone, hackers successfully used 26 flaws to steal $211.5 million worth of cryptocurrencies, with $197 million going to Euler Finance. From the beginning of the year, they have taken almost $255 million in total.