Hackers steal $11 million from Agave and Hundred Finance protocols

Hacks in the world of DeFi are already an everyday reality. This time, however, not one protocol was hacked but two at once: Agave and Hundred Finance. The attacker carried out re-entrancy attacks and took $11 million worth of loot in the form of wETH, wBTC, LINK, USDC, Gnosis and wXDAI.

What is a re-entrancy attack?

According to information on Tenderly, in both cases the hackers exploited a re-entrancy bug. To clarify, re-entrancy is a vulnerability in Solidity smart contracts in which a contract is tricked into making a call to an untrusted contract. Once the untrusted contract has control, it can call back into the original function recursively, before the first call has finished, and drain the funds.

Blockchain security expert Mudit Gupta discovered that in this particular case, the main problem was the official “bridged” tokens on the Gnosis chain. He stated that they are “custom and have a hook that calls the recipient of the token with each transfer”, and this is what makes it possible to carry out re-entrancy attacks.
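
The mechanism described above, as an added illustration (not code from Agave, Hundred Finance or the bridged tokens): a small Python model of a token that calls a hook on the recipient with each transfer, and of a pool that either updates its books before the transfer or after it. All class names, the `on_token_transfer` hook name and the amounts are assumptions made for the model.

```python
# Simplified model; every name and amount below is constructed for illustration.

class HookedToken:
    """Token that calls a hook on the recipient with each transfer."""
    def __init__(self):
        self.balances = {}

    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = getattr(recipient, "on_token_transfer", None)
        if hook:
            hook(amount)  # recipient-supplied code runs in the middle of transfer()

class Pool:
    """Pays out a user's recorded deposit in HookedToken."""
    def __init__(self, token, effects_first):
        self.token, self.effects_first = token, effects_first
        self.deposits = {}

    def withdraw(self, user):
        amount = self.deposits.get(user, 0)
        if self.effects_first:
            self.deposits[user] = 0                  # update the books first
            self.token.transfer(self, user, amount)  # external call last
        else:
            self.token.transfer(self, user, amount)  # hook still sees the old deposit
            self.deposits[user] = 0                  # cleared only after the hook ran

class ReenteringRecipient:
    """Test double: its transfer hook calls withdraw() one more time."""
    def __init__(self, pool):
        self.pool, self.reentered = pool, False

    def on_token_transfer(self, amount):
        if not self.reentered:
            self.reentered = True
            self.pool.withdraw(self)

def run(effects_first):
    pool = Pool(HookedToken(), effects_first)
    user = ReenteringRecipient(pool)
    pool.token.balances[pool], pool.deposits[user] = 100, 10  # pool holds 100, owes user 10
    pool.withdraw(user)
    return pool.token.balances[user], pool.token.balances[pool]

if __name__ == "__main__":
    print(run(False), run(True))  # (20, 80) (10, 90)
```

With the deposit cleared only after the transfer, the nested call is paid against a balance that has already been paid out; with the deposit cleared first, the nested call finds nothing left to withdraw.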
