Hundred Finance Loses Over $7 Million in Flash Loan Attack

Reading Time: 2 minutes
  • DeFi platform Hundred Finance has lost over $7 million to a hacker who initiated a flash loan attack
  • The protocol has since acknowledged the breach and is working to recover the funds
  • Hundred noted that the hack was due to a “general flaw in the code and not specific to Hundred deployment.”

DeFi platform Hundred Finance has lost over $7 million to a hacker who initiated a flash loan attack. Although the protocol has since acknowledged the breach, it noted that the hack was due to a “general flaw in the code and not specific to Hundred Finance deployment.” Hundred revealed that it’s working to recover the funds, a task that includes engaging with the malicious actor.

Hundred Wants to Engage the Hacker

According to blockchain security platform Certik, the hacker manipulated the formula guiding the exchange of the protocol’s tokens htokens against Ethereum’s ERC-20 tokens leading to a loss of roughly $7.4 million. 

Hundred said that it’s investigating the hack and urged the community to wait for a detailed report on how the attacker managed to compromise the protocol’s security, adding that it’s trying to establish communication with the attacker and possibly reach an agreement. 

The act of engaging with DeFi hackers is increasingly bearing fruit with the likes of the Crema hacker and Tender.fi attacker agreeing to return stolen funds after negotiations. Other malicious actors such as the Mango Markets exploiter have chosen to keep the funds despite their identity being revealed, arrested and taken to court.

New Yorkers Reach Out

In the meantime, it has urged United States-based users, especially New Yorkers, to “reach out.” In another message to Compound V2 fork users, Hundred said that the attack was due to a general flaw in the code, adding that the flaw wasn’t associated with the deployment of the protocol’s contracts.

With Hundred engaging with the hacker, it’s possible to recover the funds although the attacker may demand to keep part of the funds as a bounty reward.

Share