In a novel “re-entrancy” attack, Agave and Hundred Finance, two DeFi protocols, were deployed. There was an apparent $11 million theft from both DeFi protocols on the Gnosis chain by the hacker who used a flash-loan assault.
The hack came less than a day after the Deus Finance breach, which resulted in a $3 million theft of Dai (DAI) and Ether (ETH) from the lending contract platform.
The impact of the hack on the market
Data shows that Agave token AGVE plummeted by 20% after the hack and when Hundred Finances HND revealed the exploit, its price dropped by 3.5%. After a brief dip, it’s now back to its previous 24-hour high.
Attacks on Flash loans
An apparent flash loan reentrancy hack on both Defi protocols on the Gnosis chain wiped out almost $11 million. The hacker grabbed the stolen funds in wrapped ETH, BTC, USDC, Gnosis, and XDAI.
On Tuesday, both Defi platforms acknowledged the intrusions and said their contracts had been suspended to prevent additional harm. Agave also said that their team is looking into the Agave finance protocol vulnerability.
Unfortunately Hundred and Agave have both been exploited on Gnosis chain today. Gnosis team is aware, investigation is ongoing.
— Hundred Finance (@HundredFinance) March 15, 2022
All the Hundred markets on all chains paused for now.
These are the two transactions:
Hundred https://t.co/mdtViohijn
Agave https://t.co/RKB5MVx0O4
The hacker exploited the reentry vulnerability for Agave and Hundred Finance, enabling a flash loan attack
The assailant seemed to be making a series of calls to remove funds without putting up any further collateral. The address linked to the hacker has transmitted over 2,100 ETH, valued at more than $5.5 million, to a crypto mixer in order to hide the stolen tokens.
***