
Hundred Finance Loses $6.5 Million in DeFi Reentrancy Attack

beincrypto.com, 17 March 2022 08:28 UTC

DeFi lending protocol Hundred Finance has lost roughly $6.5 million in a reentrancy attack that took place on March 16. The attacker exploited the loan contract and used Tornado Cash to hide their tracks.

DeFi lending protocol Hundred Finance has lost over 2363 ETH, worth about $6.5 million, in a reentrancy attack that took place on March 16. Blockchain security firm SlowMist tweeted a breakdown of the attack, showing the flow of the funds.

The hacker used the mixing service Tornado Cash, which is popular among bad actors carrying out similar attacks, to mask the trail of the funds. The hacker’s address bridged the funds over to the Gnosis chain to create malicious contracts, which borrowed millions in flash loans from SushiSwap to use as collateral on Hundred Finance.

The attacker borrowed millions using flashloans: SlowMist

They then made use of an exploit in the loan contract, borrowing more than their collateral provided, doing so until millions were generated. These funds were converted to ETH and sent back to the Ethereum network.

SlowMist said that teams should be wary about using non-ERC20 token contracts and check to see if they are compatible. It also recommended that,

“contract amounts should be recorded before token transfers, and the Checks-Effects-Interactions rules should be followed to avoid issues like this in the future.”
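
The ordering SlowMist recommends can be seen in a small model. The Python simulation below is an added example, not code from Hundred Finance or SlowMist; the class names, the `on_token_transfer` hook and all amounts are assumptions constructed for illustration. It compares a pool that transfers tokens before recording the debt with one that follows Checks-Effects-Interactions, using a token that calls back into the recipient during a transfer.

```python
# Toy model (added illustration); all names and amounts are constructed.
class HookToken:
    """Token whose transfer() calls back into the recipient (non-ERC20 behaviour)."""
    def __init__(self):
        self.balances = {}
    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = getattr(recipient, "on_token_transfer", None)
        if hook:
            hook(amount)  # control leaves the token mid-transfer

class Pool:
    def __init__(self, token, liquidity, follow_cei):
        self.token, self.follow_cei = token, follow_cei
        self.collateral, self.debt = {}, {}
        token.balances[self] = liquidity
    def borrow(self, who, amount):
        # Check: recorded debt plus this loan must not exceed collateral.
        if self.debt.get(who, 0) + amount > self.collateral.get(who, 0):
            raise ValueError("insufficient collateral")
        if self.follow_cei:
            self.debt[who] = self.debt.get(who, 0) + amount  # effect first
            self.token.transfer(self, who, amount)           # interaction last
        else:
            self.token.transfer(self, who, amount)           # interaction first
            self.debt[who] = self.debt.get(who, 0) + amount  # recorded too late

class CallbackBorrower:
    """Recipient that re-enters borrow() from the transfer hook."""
    def __init__(self, pool, depth):
        self.pool, self.depth = pool, depth
    def on_token_transfer(self, amount):
        if self.depth > 0:
            self.depth -= 1
            try:
                self.pool.borrow(self, amount)
            except ValueError:
                pass  # nested call rejected by the collateral check

def simulate(follow_cei):
    token = HookToken()
    pool = Pool(token, liquidity=1000, follow_cei=follow_cei)
    borrower = CallbackBorrower(pool, depth=3)
    pool.collateral[borrower] = 100
    pool.borrow(borrower, 100)
    return token.balances[borrower], token.balances[pool]
```

With the debt recorded before the transfer, the nested call fails the collateral check and the pool pays out only the collateralized amount; with the transfer first, every nested call sees a debt of zero.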

2022 has already seen numerous attacks in the DeFi market, and it’s evident why, as hackers see that there is a lot to be gained from the numerous projects growing in TVL every day.

No shortage of attacks in the DeFi space

This is yet another reentrancy attack on a DeFi project, which is no stranger to exploitation. Hackers have long been targeting vulnerabilities in smart contracts to siphon funds, and this has become an enormous problem for teams.

Last year saw Grim Finance lose $30 million in a similar attack, and Cream Finance, which suffered multiple attacks in 2021, was hit as well. Security company CertiK, which audits smart contracts, said that 44 DeFi attacks in 2021 were due to centralization.

Solutions that have been proposed to help deal with the problem include crypto insurance. This is yet to fully take hold, however, and investors continue to lose funds. Perhaps the most important step that projects can take is to ensure that their smart contract. This has become an important decision when it comes to investing these days.
