Home
News
DeFi is one of the most potential sectors in the crypto ecosystem. Many believe that the industry has the potential to disrupt our mainstream banks. But the industry is also too hot as it faced several scams and rug pulls. Recently, Hundred Finance has lost $6.5 million in a reentrancy attack on Wednesday. According to reports it is also unveiled that the illicit attackers exploited the loan contract and used Tornado Cash to hide their tracks.
DeFi protocol suffers reentrancy attack
SlowMist, a blockchain security firm, tweeted on Wednesday to highlight that the DeFi lending protocol Hundred Finance lost more than 2363 ETH. At press time the valuation of the laundered ETH coins was about $6.5 million. Additionally, the tweet underscored that breaking down the attack and showing the flow of the funds.
Moreover, the attackers used the mixing service of Tornado Cash that helped them to wash off the trails. Indeed, the platform is most popular among illicit players who carry out similar attacks.
Furthermore, the attacker’s bridged the funds over to the Gnosis chain to create malicious contracts. The attackers have borrowed millions in flash loans from SushiSwap as collateral on Hundred Finance.
Wary about using non-ERC-20 token contracts
The malicious actors made use of an exploit in the loan contract, and borrowed more than collateral provided. Doing so helped them generate millions. Later the funds were sent back to the ETH network.
Following the scenario, SlowMist underscored that the teams should be wary about using non-ERC-20 token contracts and check to see if they are compatible. Additionally, it is essential to check whether the contract amounts should be recorded before token transfers and the Checks Effects-Interactions rules should be followed to avoid issues like this in the future.
Attacks are common in decentralized finance sector
Since the beginning of this year we have seen numerous attacks in the DeFi market. It is evident why the hackers see that there is a lot to be gained from the numerous projects growing in TVL every day. And yet another reentrancy attack on one project which is no stranger to exploitation. Indeed, this has become an enormous problem for many of the protocols and projects which needs to be addressed soon.
