On April 16, the multi-chain lending protocol Hundred Finance announced a malicious attack launched on the Ethereum layer 2 scaling network. The statement revealed that the bad players drained $7 million from the lending platform.
The Hundred Finance team has engaged the forensic team to probe the matter. Also, efforts to get in contact with hackers have started.
Nature of Hundred Finance Exploit
The Hundred Finance team encourages the community to support them in the ongoing investigations. An April 16 tweet revealed that the lending company is seeking to hold dialogues with the hackers.
The Hundred Finance group plans to discuss with the hacker a practical solution regarding the hack. Reportedly in the previous trading year, Hundred Finance suffered an exploit launched on the Gnosis chain.
The 2022 hack coincided with a reentrancy exploit on the Agave platform that weakened the DeFi platform security protocol.
The two platforms lost substantial assets, amounting to $11 million from the attacks. The probing team led by the Peckshield experts observed the Hundred Finance latest hackers utilized strategic actions to launch the exploit.
How was the Hundred Finance Exploit Conducted?
Firstly the unauthorized individuals donated funds worth 200 wrapped Bitcoins (WBTC) to the lending platform. The massive donation aimed at manipulating the hWBTC exchange rate.
After a comprehensive evaluation of the operation of the hWBTC, the hacker managed to drain assets from the lending platform.
In a separate report, the Certik team assessing the nature of the Hundred Finance exploit observed that the hWBTC exchange rate was manipulated between ERC-20 and the htoken.
The blockchain security firm noted that the donation through the WBTC digital assets was transacted on the htoken contract. The Certrik team argued that a large number of WBTC assets stored on the htoken contract resulted in changes in the exchange rate readings.
At a high exchange rate, the hackers took advantage of the opportunity to borrow vast money. After the successful borrowing, the hackers withdrew all their deposited assets.
Subsequently, the April 16 transactions impacted to loss of assets worth $7.4 million from the Hundred Finance lending pools. The losses have prompted the DeFi community to assess the damages of the exploit and develop reports concerning the hack.
An analysis from a user on Etherscan illustrates that two contracts on the platform have massive potential to support hWBTC minting. However, the minting of hWBTC on the lending platform demonstrated a variance in ratios. The differences in the minting ratio enabled the hackers to execute the exploit.
A different observation from a Hundred Finance supporter provided a detailed report on the hacking activity. He argued that the attacker utilized various methods to spot vulnerability and weaken the system.
The process involved a malicious looping that involved liquidating the digital assets, token minting, borrowing, withdrawing, and multiple funds transfers. Based on the two reports, the Hundred Finance management has issued a report warning the customers concerning the swirling rumors about the attack.
Reports concerning the $7 million Hundred Finance hack have been making rounds on different social media platforms, including responses captured on the Hundred Finance Twitter account. The Hundred finance team will prioritize reaching the hackers and will keep the users updated on the ongoing investigations.
In the meantime, the lending platform has commenced with the data collection process to obtain supporting evidence concerning the hack. The April 16 attack has affected the Hundred Finance market performance.
Impact of the Hack
According to data on Dapp Radar, the trading volumes and daily transactions have plummeted in the last 24 hours. At press time 1535 UTC, Hundred Finance native Token HND dropped by 56.52% to trade at $0.01858 in a day.
The token was unable to break above the resistance level of $0.04277 in a day. The HND bearish momentum dragged the prices to its lowest point of $0.01521 in the last 24 hours. The trading volume surged by 194.4%, surpassing the $161,420 mark over the last 24 hours.
In a previous analysis by the Token Terminal group, HND’s daily activity on the platform increased in the last seven-day run. It was observed that the token fee increased by 29% in the previous week.
Similarly, DeFi platform Euler Finance recently suffered the largest hacking activity witnessed in 2023 after attackers escaped with $196 million. Other DeFi platforms, including Allbridge, Yearn Finance, and Sentiment, reported losses of assets worth $20 million after hackers launched suspicious activity on the protocol in early April.