Skip to content
TechnologyCybersecurityIndustryManipulatedEthereumDefiEstimatedHtokensFinanceMultichainBlockchain

Finance platform Hundred breached, losses exceed $7 million

Uncover the specifics behind the Hack on Hundred Finance's Optimism blockchain: A loss of $7.4M from deliberate tampering with ERC-20 token exchange rates.

 and  Administrator
3 min read

Finance platform Hundred breached, losses exceed $7 million

Busted wallets again: Hundred Finance suffers $7.4m loss in hack on Optimism

DeFi protocol Hundred Finance took a hit, losing assets worth over $7.4 million in a hack on the Ethereum layer-2 blockchain Optimism. Security analysts point the finger at a clever exploit of the exchange rate between ERC-20 tokens and hTokens, allowing the perpetrator to snatch more than they initially deposited.

Certik, a blockchain security firm, revealed the launchpad for this digital heist. They detailed that the hacker manipulated the exchange rate through Cash value. Cash is the WBTC hoard that the hBTC contract holds. The attacker allegedly padded the hToken contract with oversized donations of WBTC, boosting the exchange rate in the process.

The tally of swiped assets includes 0.058 WBTC, 20,854 SNX, 1,265,978 USDC, 842,788 DAI, 1,113,430 USDT, 865,142 sUSD, 457,286 FRAX, and 1,030 ETH.

Hundred Finance isorsaking the opportunity for speculation, exhorting the community to stay cautious on the specifics of the attack until a post-mortem is completed. The DeFi platform is in contact with the hacker, hoping for a peaceful resolution. "We're hoping the hacker will come back to us," Hundred Finance tweeted in defiance.

Crypto hacks have been on a rampage this month, with multiple platforms feeling the icy grip of intruders. The latest victim is MetaMask, whose third-party provider was caught in a hack — creating ripples about the ongoing vulnerabilities lurking within these platforms, attracting cybercriminals like piranhas in a stagnant pond.

The crypto world must beef up security or brace themselves for a maelstrom of consequences.

For a deeper dive into the crypto hacking conundrum, burrow down the crypto timewarp at The Crypto Times!

Strengthening DeFi security:To shore up security in DeFi multichain platforms, current best practices focus on advanced cryptographic techniques, user-centric security architecture, and cross-chain operational safeguards.

  • Security-First Design:
  • User Key Sovereignty: Prioritize non-custodial control, ensuring wallets such as Ledger Nano X and Trezor Model T keep users in charge of their private keys, amputating centralized vulnerabilities.
  • Secure Sharing of Secrets: Implement multi-party computation (MPC) technology, like that seen in Zengo Wallet, to replace frail seed phrases, minimize phishing, and shield against unauthorized access.
  • AI-Driven Vigilance: Deploy AI-driven systems to monitor transactions for suspicious activity, such as abnormal gas fee surges or unauthorized withdrawal patterns.
  • Cross-Chain Protections:
  • Bridge Protection: Integrate audited cross-chain bridges with MEV protection and slippage controls to foil exploits during asset transfers between chains (e.g., Symbiosis’ non-custodial bridge supporting 40+ chains).
  • DEX Guardrails: Use intent-based execution (like Super Hooks in Delta v2.5) and MEV-resistant routing to minimize front-running risks on swaps.
  • Chain Permission Confinement: Limit smart contract permissions across chains to reduce lateral movement during breaches.
  • Regulatory & Operational Synergy:
  • Regulatory Compliance: Adopt blockchain analytics tools to track illicit flows, striking a balance between decentralization and compliance, as emphasized in recent regulatory frameworks.
  • Transaction Optimization: Predict network congestion and suggest optimal transaction timing/route to reduce failed transactions and associated risks.
  • Smart Contract Auditing: Conduct frequent audits, especially after cross-chain protocol upgrades, to squash vulnerabilities like those exploited in the KiloEx hack.
  • User Awareness & Tools:
  • Phishing-resistant UIs: Equip interfaces with biometric authentication and transaction simulation tools to verify contract interactions before signing.
  • Multi-chain Transparency: Offer unified dashboards showing asset positions and staking rewards across all supported chains to aid users in detecting anomalies.

By coupling these technical measures with evolving regulatory compliance and user empowerment, DeFi platforms can evade the risks embedded in multichain operations. The integration of cross-chain DEX aggregators like Symbiosis displays how seamless UX and non-custodial security can coexist harmoniously.

  1. Initiatives to strengthen DeFi security are vital, focusing on advanced cryptographic techniques, user-centric design, and cross-chain operational safeguards.
  2. Adopting a security-first design means prioritizing non-custodial control, keeping users in charge of their private keys, ensuring wallets like Ledger Nano X and Trezor Model T remain secure.
  3. Implementing multi-party computation (MPC) technology, such as that seen in Zengo Wallet, can replace weak seed phrases, minimize phishing, and protect against unauthorized access.
  4. AI-driven systems should be deployed to monitor transactions for suspicious activity, such as abnormal gas fee surges or unauthorized withdrawal patterns.
  5. Integrating audited cross-chain bridges with MEV protection and slippage controls can foil exploits during asset transfers between chains, like Symbiosis' non-custodial bridge supporting 40+ chains.
  6. DeFi platforms can evade risks embedded in multichain operations by integrating regulatory compliance, conducting frequent audits, and using intent-based execution and MEV-resistant routing to minimize front-running risks on swaps.
Unravel the intricacies of the Hundred Finance breach on the Optimism blockchain: a whopping $7.4 million vanishes after the illicit manipulation of ERC-20 token exchange rates.

Read also:

    Related

    Latest