DeFi lending protocol applications Agave and Hundred Finance were hit by a hacker within 24-hours of Deus Finance. The hacker, by using a re-entrancy attack, managed to take off with $11 million in USDC, Wrapped BTC, Gnosis, Chainlink, Wrapped XDAI and Wrapped ETH. Hackers in the Deus Finance attack stole over $3 million in Dai and Ethereum.
Following the exploit, Agave’s token AGVE declined by nearly 20% and Hundred Finance’s token HND saw a price drop by 3.5%. But HND has recovered and hit a 24-hour high.
The platform tweeted that Agave is probing the incident on the Agave Finance Protocol. It will inform its users as soon as it has more details to share. The platform has paused the contracts until the situation is resolved. The Hundred Finance team also took to Twitter to inform users about the attack. It tweeted that it was attacked on the Gnosis chain. This platform has also put its market on pause as it investigates the incident.
The address associated with the attacker, as per on-chain analysis, has sent over 2,100 ETH, estimated to be worth over $5.5 million, to a crypto mixer. This is a bid to launder the stolen cryptos. Shegen, solidity developer and creator of an NFT liquidity protocol app, said she lost $225,000 in the attack. She determined through investigations that the hacker exploited a wETH contract function on Gnosis Chain. This allowed the attacker to continue borrowing crypto before the apps could calculate the debt.
The attacker continued to borrow against the same collateral until the protocols were drained off funds. Shegen highlighted that the smart contract on Agave is the same as Aave – every security researcher has audited. She said that as such, the contract is safe. But Shegen believes this incident stands out from some bigger ones because it seems top-tier safe, which wasn’t. She also said that she doesn’t blame Agave developers for failing to prevent the attack.