Finance institution Hundred suffers over $7 million theft through hacking incident.
Hackers hit decentralized finance (DeFi) platform Hundred Finance on the Ethereum layer-2 blockchain Optimism, swiping assets worth over $7.4 million.
Blockchain security firm Cetrik revealed the attacker tricked the exchange rate between ERC-20 tokens and hTokens, allowing them to suck out more tokens than they initially deposited. According to Cetrik, the attacker manipulated the Cash value, which is the WBTC amount held by the hBTC contract. By generously donating vast amounts of WBTC to the hToken contract, the attacker drove up the exchange rate, providing more tokens than initially deposited.
Cetrik's report also disclosed a breakdown of stolen assets: 0.058 WBTC, 20,854 SNX, 1,265,978 USDC, 842,788 DAI, 1,113,430 USDT, 865,142 sUSD, 457,286 FRAX, and 1,030 ETH.
Hundred Finance acknowledged the issue and has been in touch with the hacker, collaborating with security teams to fix the problem. The DeFi protocol pleaded with the hacker to get back in touch and work out a mutually acceptable solution. In the meantime, they advised the community to avoid guessing the intricacies of the assault while they perform a comprehensive evaluation of the incident.
The hack on Hundred Finance follows a string of security breaches on multiple crypto platforms. The latest victim was MetaMask, whose third-party provider got hacked, fueling concerns about persisting vulnerabilities within these platforms.
To stave off similar attacks, it's essential for DeFi platforms to revamp their security infrastructure. Here are some measures DeFi platforms can take:
- Upgrade Smart Contract Security
- Rigorous Verification: Thoroughly verify smart contracts to weed out potential vulnerabilities.
- Continuous Audits: Regularly audit smart contracts for new or evolving weaknesses.
- AI and Machine Learning Security Boost
- Real-Time Transactions Tracking: Use AI to monitor transactions in real-time, spotting abnormal behavior indicative of fraud.
- Predictive Analytics: Employ predictive analytics to foresee and thwart potential attacks.
- Ethical Hacker Engagement
- Bug Bounty Programs: Encourage ethical hackers to finding vulnerabilities, giving them financial rewards.
- User Protection Strategies
- Hardware Wallets: Encourage users to use hardware wallets for extra cryptocurrency security.
- Token Approval Management: Educate users to manage token approvals to minimize potential exposure to malicious contracts.
- Cross-Platform Solutions and Security Standards
- Secure Inter-chain Solutions: Implement secure cross-chain solutions to transact without introducing new vulnerabilities.
- Collaborative Security Standards: Adopt and contribute to collective security standards to maintain a consistent protection level in the DeFi ecosystem.
- Regulatory Compliance and Trustbuilding
- KYC and Reporting Requirements: Adhere to KYC and reporting regulations for better transaction tracking.
- Security Partnerships and Transparency: Form partnerships with security firms and maintain open communication to build trust among users and regulators.
By implementing these strategies, DeFi platforms can markedly lower their risk of hacks and fortify overall security within the ecosystem.
The hack on Hundred Finance serves as a wake-up call for decentralized finance (DeFi) platforms to prioritize their cybersecurity measures. To prevent similar incidents, it's crucial for DeFi platforms to upgrade their smart contract security, implement continuous audits, and employ AI and machine learning for real-time transactions tracking and predictive analytics. Furthermore, engaging ethical hackers through bug bounty programs and educating users on token approval management can also enhance security. Additionally, secure inter-chain solutions, collaborative security standards, adherence to KYC and reporting regulations, and forming partnerships with security firms can further strengthen the ecosystem's overall security.
