On Saturday, April 15, 2023, hackers targeted the Hundred Finance multi-chain lending protocol, resulting in a loss of approximately $7 million, according to blockchain security and data analytics firm PeckShield. The DeFi lending protocol was infiltrated when a hacker donated 200 WBTC to inflate hWBTC’s exchange rate, allowing them to drain the lending pools using small amounts of hWBTC.
Hundred Finance promptly announced the protocol breach via its official Twitter handle. The DeFi lending platform stated that the breach occurred on its Optimism Layer 2 scaling solution. According to the announcement, the platform is in talks with different security teams and has sent a message to the hacker while preparing a post-mortem. The team’s primary focus is establishing communication with the hacker and negotiating an agreement.
Following the announcement, various users attempted to analyze the hack, providing alternative results to what happened. Some users posted their analysis as replies to Hundred Finance’s tweet. For example, one user who analyzed the transaction on Etherscan noted two contracts that could mint hWBTC. According to the user, both mints have slightly different ratios in the fifth decimal place, and the hacker tested both mints before the hack.
Another user provided a more detailed description of the hack, noting that the hacker executed the hack using a unique attack loop involving minting, transferring, borrowing, redemption, and liquidating tokens. Hundred Finance advised users to refrain from further speculation about the attack and solicited help from the public on how to resolve the issue.
The hack is a stark reminder of the security risks associated with decentralized finance (DeFi) platforms. DeFi platforms have grown in popularity in recent years, with the total value locked (TVL) in DeFi protocols surpassing $100 billion in August 2022. However, the rapidly evolving nature of the DeFi landscape means that security risks are ever-present, and investors must exercise caution when investing in these platforms.
The hack also highlights the importance of blockchain security and data analytics firms such as PeckShield. These firms play a crucial role in identifying and mitigating security risks in the DeFi space. As the DeFi industry continues to grow, the demand for these services is likely to increase.
In conclusion, the hack of Hundred Finance’s lending protocol serves as a stark reminder of the security risks associated with DeFi platforms. While the DeFi industry has grown rapidly in recent years, investors must exercise caution when investing in these platforms. The incident also highlights the importance of blockchain security and data analytics firms such as PeckShield in identifying and mitigating security risks in the DeFi space.