Lending Protocol, Hundred Finance hacked on Optimism, suffers $7M loss. The lending protocol has suffered a severe security breach on the Optimism layer-2 scaling solution.
- Lending Protocol Hundred Finance got hacked on Optimism and suffered approximately a $7M loss.
Hundred Finance is a multi-chain lending protocol based on the veHND model that connects with Chainlink oracles to ensure market health and stability. On the Optimism layer-2 scaling solution, there was a severe security breach in the lending protocol.
The protocol reported on Saturday, April 15, via their official Twitter, accounts that they had been hacked, with damages estimated at $7 million.
On Twitter, the lending protocol also mentioned that they sent a message to the hacker to see if they could reach an agreement and is in discussions with various security teams.
CertiK, a blockchain security firm, is investigating the incident. According to CertiK, the hacker who targeted Hundred Finance took advantage of the exchange rate between ERC-20 tokens and htokens, allowing them to withdraw more tokens than they initially deposited. This attack is estimated to have caused $7.4 million in financial damage.
CertiK further stated that,
“The exchange rate formula was manipulated through Cash value. Cash is the amount of WBTC that the hBTC contract has. The attacker manipulated it by donating large amounts of WBTC to the hToken contract so that the exchange rate goes up.”
According to the CertiK report, this security breach can be classified as a “flash loan attack,” which involves hackers borrowing significant sums through uncollateralized loans from lending protocols, which they then use to manipulate an asset’s price on a decentralized finance (DeFi) platform.
A flash loan is a crucial feature in DeFi platforms, allowing users to borrow large sums of assets without security for a short period of time, generally inside a single blockchain transaction.
Although flash loans might be used for legal objectives, they can also be used by bad actors to carry out flash loan attacks, as in the instance of Hundred Finance.