Hope Lend Ethereum decentralized finance (DeFi) protocol has almost no assets remaining as all 526 Ether in total value locked was emptied in an attack on Oct. 18.
According to multiple blockchain security firms, on October 18, two individuals stole from Hope Lend a total of 526 Ether worth $825,357 at publication: a forerunner who defeated the original hacker after discovering the exploit and the original hacker. “The successful attacker gained 264 ETH and paid a 263 ETH bribe to an ETH validator,” CertiK reported.
Hope.money, the creator of the DeFi protocol, presented an alternate version of the incident. In its X thread, developers claim that a single hacker stole 526 ETH worth of user funds, paid 263.91 ETH in bribes to a validator purportedly managed by Lido Finance, and earned 264.08 ETH in profit. Hope.money employees said:
“It is crucial to emphasize that all protocols deployed on http://Hope.money are independent and will not impact the various other products and protocols currently live on the platform, including HopeCard、HopeSwap and $HOPE. We are committed to ensuring the protection of the affected users’ rights, and the corresponding funds remain secure.”
DeFi aggregator DeFiLlama had announced two days prior that it would begin monitoring Hope Lend’s smart contracts for data curation. At the time of publication, Hope Lend possessed no discernible protocol assets.
While developers did not specify the cause of the incident, on-chain investigator Spreek claimed that the breach “seems to be related to WBTC decimals and rounding, similar to the recent Wise Lending hack.”
