PeckShield recently reported that Hundred Finance lost over $7 million in an attack. The blockchain security firm announced that the attack took place on the L2 Optimisim scaling solution.
The attacker used 200 WBTC to exploit the lending protocol on April 15. The attacker donated WBTC to boost hWBTC’s exchange value. It allowed the attacker to use smaller hWBTC amounts to drain the lending pools.
The breach was announced initially on Hundred Finance’s official Twitter account. The tweet stated that the protocol has been attacked and users would get more information shortly. After the announcement, several users tried to assess the attack, offering multiple results.
Some even posted the possibilities to Hundred Finances. One of the users analyzing the transaction over Etherscan found that two contracts could mint hWBTC. The user agreed that both mints have slightly different ratios in the 5th decimal place. Thus, the attacker might have also tested both mints before the attack.
Similarly, another user found a unique pattern to the attack. The user stated that the attacker breached the system by minting, transferring, borrowing, redeeming, and liquidating the tokens.
The attacker started by donating 200 WBTC to Hundred Finance. They received 200 hWBTC in return. They deposited 500 WBTC, increasing the price of hWBTC by 250x. In the end, they used the hWBTC as collateral to borrow more funds across other markets.
According to Hundred Finance, the protocol is already in talks with different security teams. They have also sent a message to the attacker while requesting the general public to lend their assistance.
In addition, Hundred Finance has requested that users not speculate further about the breach. The protocol runs a post-mortem, but its primary focus is reaching the attacker and initiating a negotiation.