BTC

$63989.625

-3.67%

ETH

$3131.731

-4.02%

BNB

$611.401

-0.05%

XRP

$0.522

-4.23%

News

Hundred Finance Suffers A $6.5M Loss As A Result Of A DeFi Reentry Attack.

March 17, 2022 - Around 3 mins mins to read

DeFi lending protocol Hundred Finance suffered a $6.5 million loss as a result of a reentry assault on March 16. The attacker took advantage of the loan arrangement and utilized Tornado Cash to conceal their activities.

Hundred Finance Suffers A $6.5M Loss As A Result Of A DeFi Reentry Attack.
Hundred Finance Suffers A $6.5M Loss As A Result Of A DeFi Reentry Attack.

Hundred Finance, a DeFi lending platform, lost over 2363 ETH (about $6.5 million) in a reentrancy attack on March 16. SlowMist, a blockchain security firm, tweeted about the assault, breaking it down and displaying the movement of assets.

The hacker employed the Tornado Cash mixing service to hide the trail of the payments, which is common among bad actors carrying out similar assaults. The hacker’s address sent cash to the Gnosis network, where they were used to establish fraudulent contracts that borrowed millions in flash loans from SushiSwap as collateral on Hundred Finance.

They then took advantage of a defect in the loan contract, borrowed more than their collateral offered, and continued to do so until millions were created. These funds were converted to ETH before being returned to the Ethereum network.

SlowMist advised teams to be cautious when utilizing non-ERC20 token contracts and to check to see whether they are compatible. It also suggested that:

“contract amounts should be recorded before token transfers, and the Checks-Effects-Interactions rules should be followed to avoid issues like this in the future.”

Hundred Finance Suffers A $6.5M Loss As A Result Of A DeFi Reentry Attack.
The attacker borrowed millions using flashloans: SlowMist

2022 has already seen multiple attacks in the DeFi sector, and it’s easy to understand why: hackers recognize a lot to be gained from the numerous projects expanding in TVL on a daily basis.

This is another another reentry assault on a DeFi project that has a history of being exploited. Hackers have long exploited flaws in smart contracts to drain revenue, creating a massive headache for teams.

Grim Finance lost $30 million in a similar attack last year, as did Cream Finance, which was targeted three times in 2021. According to CertiK, a security organization that examines smart contracts, 44 DeFi attacks will occur in 2021 as a result of centralization.

Crypto insurance is one solution that has been presented to help with the situation. However, this has yet to completely take effect, and investors continue to lose money. The most critical step that projects can take is to guarantee that their smart contract works properly. When it comes to investing these days, this has become a critical decision.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Patrick

CoinCu News

News

Hundred Finance Suffers A $6.5M Loss As A Result Of A DeFi Reentry Attack.

DeFi lending protocol Hundred Finance suffered a $6.5 million loss as a result of a reentry assault on March 16. The attacker took advantage of the loan arrangement and utilized Tornado Cash to conceal their activities.

Hundred Finance Suffers A $6.5M Loss As A Result Of A DeFi Reentry Attack.
Hundred Finance Suffers A $6.5M Loss As A Result Of A DeFi Reentry Attack.

Hundred Finance, a DeFi lending platform, lost over 2363 ETH (about $6.5 million) in a reentrancy attack on March 16. SlowMist, a blockchain security firm, tweeted about the assault, breaking it down and displaying the movement of assets.

The hacker employed the Tornado Cash mixing service to hide the trail of the payments, which is common among bad actors carrying out similar assaults. The hacker’s address sent cash to the Gnosis network, where they were used to establish fraudulent contracts that borrowed millions in flash loans from SushiSwap as collateral on Hundred Finance.

They then took advantage of a defect in the loan contract, borrowed more than their collateral offered, and continued to do so until millions were created. These funds were converted to ETH before being returned to the Ethereum network.

SlowMist advised teams to be cautious when utilizing non-ERC20 token contracts and to check to see whether they are compatible. It also suggested that:

“contract amounts should be recorded before token transfers, and the Checks-Effects-Interactions rules should be followed to avoid issues like this in the future.”

Hundred Finance Suffers A $6.5M Loss As A Result Of A DeFi Reentry Attack.
The attacker borrowed millions using flashloans: SlowMist

2022 has already seen multiple attacks in the DeFi sector, and it’s easy to understand why: hackers recognize a lot to be gained from the numerous projects expanding in TVL on a daily basis.

This is another another reentry assault on a DeFi project that has a history of being exploited. Hackers have long exploited flaws in smart contracts to drain revenue, creating a massive headache for teams.

Grim Finance lost $30 million in a similar attack last year, as did Cream Finance, which was targeted three times in 2021. According to CertiK, a security organization that examines smart contracts, 44 DeFi attacks will occur in 2021 as a result of centralization.

Crypto insurance is one solution that has been presented to help with the situation. However, this has yet to completely take effect, and investors continue to lose money. The most critical step that projects can take is to guarantee that their smart contract works properly. When it comes to investing these days, this has become a critical decision.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Patrick

CoinCu News

Visited 37 times, 1 visit(s) today