After a year of inactivity, the hacker who stole $7.4 million from the decentralized Finance (DeFi) protocol Hundred Finance has begun transferring the crypto assets.
The infiltrator removed approximately $800,000 worth of Ether and Tether from Curve’s decentralized exchange (DEX) on May 1, more than a year after supplying liquidity on the platform.
Upon completion of the withdrawal process, the infiltrator converted USDT and additional cryptocurrencies to ETH. This resulted in an over $1 million increase in the exploiter’s ETH.
The compromised wallet currently contains an assortment of crypto assets worth $4.3 million, including Dai, Wrapped Ether, Frax, and Wrapped Bitcoin.
The DeFi protocol disclosed a security vulnerability on the layer-2 network Optimism on April 15, 2023.
According to the blockchain security firm CertiK, the perpetrator manipulated the hTOKENS-ERC-20 token exchange rate. Consequently, they were capable of withdrawing an excess of tokens deposited.
Flash loan attacks are a prevalent name for this in the DeFi community. Typically, this category of attack vector entails obtaining substantial sums of money through an unsecured loan from a lending platform.
The assailant then manipulates the price of cryptocurrencies on DeFi platforms using the assets. The Hundred Finance breach resulted in fraud using an exchange rate to obtain substantial loans.
Hundred Finance was also at risk of a Gnosis Chain vulnerability in 2022. A reentrancy attack depleted the liquidity of the protocol, leading to a financial loss of $6 million.
In April 2024, there was a notable decline in the financial losses caused by flash loan attacks, a category of hacking that has caused considerable disruption in recent years.
A report by CertiK indicates that the mere $129,000 in losses incurred in April were attributable to flash loan attacks. Its most significant incident of the month resulted in a mere $55,000 in damages. Since February 2022, this was the smallest amount lost to flash loan attacks, according to the report by CertiK.
Moreover, overall crypto hacking losses decreased during April. According to security firm PeckShield, hacking caused the loss of a mere $60 million during the month. This signifies a substantial decrease compared to the losses of $360 million and $187 million incurred in February and March, respectively.
