Business

Agave Protocol and Hundred Finance DeFi Mined for $11M

blank

One hacker earned about 11 million dollars in Wrapped ETH, Wrapped BTC, Chainlink, USDC, Gnosis, and Wrapped XDAI after using a “re-entrancy” attack on DeFi lending protocol applications Agave and Hundred Finance.

The attack occurred within 24 hours of news of the Deus Finance exploit, where hackers stole more than $3 million in Dai and Ethereum from the lending contract platform.

Agave’s token, AGVE, dropped 20% after the attack, according to data from CoinGecko. Hundred Finances’ HND token fell 3.5% after the mining announcement, however since the recovery it hit a 24-hour high.

“Agave is currently investigating an exploit on the agave financial protocol”, Agave tweeted on Tuesday 15 at 1:30 p.m. UTC, “We’ll update you as soon as we have more information.” It noted that the contracts have been put on hold until the situation is resolved.

Hundred Finance team also tweeted it was mined on the Gnosis chain and has halted the market while pursuing investigations.

According to on-chain analysis, Address involves an attacker who sent over 2,100 ETH, worth more than $5.5 million, to a crypto mixers in an attempt to launder stolen tokens.

Related:Deus Finance Mining: Hackers Take away $3M worth of DAI and Ether

Solidity developer and creator of an NFT liquidity protocol application, Shegen (@shegenerates) tweeted that she lost $225,000 in the mining and that her investigations revealed the attack. The public worked by exploiting a wETH contract function on Chain of Gnosis that allows the attacker to continue borrowing crypto before the apps can calculate the debt, which would prevent further borrowing.

The attacker performed this exploit, repeatedly borrowing against the same collateral they posted until all the funds were withdrawn from the protocols.

Shegen told Cointelegraph that while the smart contract on Agave is essentially the same as Aave, which secures $18.4 billion, “every security researcher has tested it,” she said, “so, It is reasonable to assume that the contract is secure.”

“I think this hack stands out more than some of the larger ones,” Shegen said, noting that even if it was a smaller hack than others stole millions of dollarsSimilarities to Aave mean that “it looks top-notch, but it’s not, and breaking trust hurts.”

“It’s like you can’t even trust ‘safe’ code.”

Blockchain security researcher Mudit Gupta speak the difference between Aave and Agave is that “Aave proactively checks for re-attention before listing tokens on the mainnet to avoid similar attacks.”

Shegen says she doesn’t blame the Agave developers for not stopping the attack.

“Agave has been used in a way that is not secure,” she said, “perhaps the developer should not allow the use of tokens with callbacks in them in the platform or add more protections.” .”

“For example, Curve didn’t get hit today, because it has extra security guards, but I don’t really blame Luigy and the Agave team as this is highly unlikely and passed. many people.”

Shegen also doesn’t blame Gnosis for generating tokens with a callback function that the hacker exploited, saying the feature prevents users from accidentally losing their crypto.

“It’s actually a great feature for bridging tokens, it’s just a really unfortunate and unlucky situation in my opinion.”

https://cointelegraph.com/news/unlucky-agave-and-hundred-finance-defi-protocols-exploited-for-11m Agave Protocol and Hundred Finance DeFi Mined for $11M

Fry Electronics Team

Fry Electronics.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@fry-electronics.com. The content will be deleted within 24 hours.

Related Articles

Back to top button